354300x80000000000000002143497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:12:34.470{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36422-false10.0.1.12-8000- 354300x80000000000000002143498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:12:40.335{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36424-false10.0.1.12-8000- 354300x80000000000000002143499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:12:45.338{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36426-false10.0.1.12-8000- 354300x80000000000000002143500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:12:46.740{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-39412-false10.0.1.12-8089- 354300x80000000000000002143501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:12:50.344{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36430-false10.0.1.12-8000- 354300x80000000000000002143502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:12:56.249{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36432-false10.0.1.12-8000- 23542300x80000000000000002143503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:00.857{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002143504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:01.344{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36434-false10.0.1.12-8000- 354300x80000000000000002143505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:06.396{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36436-false10.0.1.12-8000- 154100x80000000000000002143506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:08.685{ec230001-7fb4-6262-6824-0b7863550000}2715/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002143507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:08.695{ec230001-7fb4-6262-6824-0b7863550000}2715/bin/psroot 354300x80000000000000002143508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:11.436{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36438-false10.0.1.12-8000- 354300x80000000000000002143509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:16.439{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36440-false10.0.1.12-8000- 354300x80000000000000002143510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:22.274{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36442-false10.0.1.12-8000- 354300x80000000000000002143511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:27.380{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36444-false10.0.1.12-8000- 23542300x80000000000000002143512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:31.004{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002143513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:33.269{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36446-false10.0.1.12-8000- 354300x80000000000000002143514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:38.310{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36448-false10.0.1.12-8000- 354300x80000000000000002143515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:43.477{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36450-false10.0.1.12-8000- 354300x80000000000000002143516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:46.745{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-39436-false10.0.1.12-8089- 354300x80000000000000002143517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:49.348{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36454-false10.0.1.12-8000- 354300x80000000000000002143518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:55.264{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36456-false10.0.1.12-8000- 23542300x80000000000000002143519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:01.003{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002143520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:01.240{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36458-false10.0.1.12-8000- 354300x80000000000000002143521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:06.353{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36460-false10.0.1.12-8000- 154100x80000000000000002143522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:09.740{ec230001-7ff1-6262-6804-60284f560000}2716/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002143523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:09.751{ec230001-7ff1-6262-6804-60284f560000}2716/bin/psroot 354300x80000000000000002143524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:11.382{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36462-false10.0.1.12-8000- 354300x80000000000000002143525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:16.400{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36464-false10.0.1.12-8000- 354300x80000000000000002143526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:22.298{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36466-false10.0.1.12-8000- 354300x80000000000000002143527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:27.365{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36468-false10.0.1.12-8000- 23542300x80000000000000002143528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:31.003{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002143529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:32.469{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36470-false10.0.1.12-8000- 354300x80000000000000002143530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:38.315{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36472-false10.0.1.12-8000- 354300x80000000000000002143531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:44.314{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36474-false10.0.1.12-8000- 354300x80000000000000002143532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:46.751{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-39460-false10.0.1.12-8089- 354300x80000000000000002143533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:49.333{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36478-false10.0.1.12-8000- 354300x80000000000000002143534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:54.456{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36480-false10.0.1.12-8000- 354300x80000000000000002143535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:00.297{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36482-false10.0.1.12-8000- 23542300x80000000000000002143536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:01.004{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002143537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:05.471{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36484-false10.0.1.12-8000- 154100x80000000000000002143538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:10.752{ec230001-802e-6262-6804-1986c2550000}2717/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002143539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:10.764{ec230001-802e-6262-6804-1986c2550000}2717/bin/psroot 354300x80000000000000002143540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:11.279{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36486-false10.0.1.12-8000- 354300x80000000000000002143541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:16.436{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36488-false10.0.1.12-8000- 354300x80000000000000002143542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:22.290{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36490-false10.0.1.12-8000- 354300x80000000000000002143543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:27.333{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36492-false10.0.1.12-8000- 23542300x80000000000000002143544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:31.004{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002143545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:33.263{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36494-false10.0.1.12-8000- 354300x80000000000000002143546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:38.330{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36496-false10.0.1.12-8000- 154100x80000000000000002143547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.388{ec230001-804e-6262-089e-d6743b560000}2718/usr/bin/sudo-----sudo apt update/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-643a-6262-08d4-9f8d0f560000}1965/bin/bash-bashubuntu 354300x80000000000000002143551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.392{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-47767-false10.0.0.2-53- 354300x80000000000000002143550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.392{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-56909-false10.0.0.2-53- 354300x80000000000000002143549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.392{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse0.0.0.0-0-false127.0.0.53-53- 354300x80000000000000002143548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.392{ec230001-804e-6262-089e-d6743b560000}2718/usr/bin/sudoubuntuudptruefalse127.0.0.1-45689-false127.0.0.53-53- 354300x80000000000000002143554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.393{ec230001-804e-6262-089e-d6743b560000}2718/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-45689- 354300x80000000000000002143553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.393{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-45689- 354300x80000000000000002143552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.393{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse10.0.0.2-53-false10.0.1.20-47767- 354300x80000000000000002143556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.415{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-37983- 354300x80000000000000002143555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.415{ec230001-804e-6262-089e-d6743b560000}2718/usr/bin/sudoubuntuudptruefalse127.0.0.1-37983-false127.0.0.53-53- 154100x80000000000000002143557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.418{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/apt-----apt update/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-089e-d6743b560000}2718/usr/bin/sudosudoubuntu 154100x80000000000000002143558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.423{ec230001-804e-6262-7091-0e14d1550000}2720/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 23542300x80000000000000002143560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.426{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.cKvqXo--- 534500x80000000000000002143559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.426{ec230001-804e-6262-7091-0e14d1550000}2720/usr/bin/dpkgroot 23542300x80000000000000002143561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.431{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.5SxTSr--- 23542300x80000000000000002143562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.435{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.y633Ou--- 23542300x80000000000000002143563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.437{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.7SAwLx--- 23542300x80000000000000002143564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.438{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.iD0dIA--- 23542300x80000000000000002143565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.443{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.FI3HFD--- 23542300x80000000000000002143566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.445{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.66osDG--- 23542300x80000000000000002143567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.449{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.jtbXBJ--- 23542300x80000000000000002143568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.451{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.Yx9HAM--- 23542300x80000000000000002143569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.452{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.FnmJzP--- 23542300x80000000000000002143570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.453{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.UIcXyS--- 23542300x80000000000000002143571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.455{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.7LVnyV--- 23542300x80000000000000002143572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.456{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.KVI1xY--- 23542300x80000000000000002143573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.457{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.xRaWx1--- 23542300x80000000000000002143574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.460{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.ag3cy4--- 23542300x80000000000000002143575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.461{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.bPZIy7--- 23542300x80000000000000002143576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.463{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.cqVuza--- 154100x80000000000000002143577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.464{ec230001-804e-6262-b983-f3526d550000}2721/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 154100x80000000000000002143579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.473{ec230001-804e-6262-b953-1d86f4550000}2722/usr/lib/apt/methods/http-----/usr/lib/apt/methods/https/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 534500x80000000000000002143578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.473{ec230001-804e-6262-b983-f3526d550000}2721/usr/lib/apt/methods/httproot 154100x80000000000000002143586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.479{ec230001-804e-6262-b953-13cb7e550000}2723/usr/lib/apt/methods/http-----/usr/lib/apt/methods/https/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 23542300x80000000000000002143585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.479{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/.apt-acquire-privs-test.vGvcRp--- 23542300x80000000000000002143584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.479{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/.apt-acquire-privs-test.IniENm--- 23542300x80000000000000002143583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.479{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/.apt-acquire-privs-test.LDo6Jj--- 23542300x80000000000000002143582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.479{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/.apt-acquire-privs-test.oYNyGg--- 23542300x80000000000000002143581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.479{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/.apt-acquire-privs-test.Rzy1Cd--- 534500x80000000000000002143580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.479{ec230001-804e-6262-b953-1d86f4550000}2722/usr/lib/apt/methods/httproot 154100x80000000000000002143587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.485{ec230001-804e-6262-b973-0fb02e560000}2724/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 23542300x80000000000000002143588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.486{ec230001-60ec-6262-f8ed-f0827b550000}478root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000002143589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.487{ec230001-804e-6262-0000-000000000000}2725-root 154100x80000000000000002143590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.491{ec230001-804e-6262-b983-606faf550000}2726/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 354300x80000000000000002143596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.498{ec230001-804e-6262-b953-13cb7e550000}2723/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-58179-false127.0.0.53-53- 354300x80000000000000002143595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.498{ec230001-804e-6262-b973-0fb02e560000}2724/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-51814-false127.0.0.53-53- 354300x80000000000000002143593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.498{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-58105-false10.0.0.2-53- 354300x80000000000000002143592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.498{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-41745-false10.0.0.2-53- 354300x80000000000000002143591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.498{ec230001-804e-6262-b983-606faf550000}2726/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-33656-false127.0.0.53-53- 354300x80000000000000002143594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.499{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-36806-false10.0.0.2-53- 354300x80000000000000002143598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.500{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-51814- 354300x80000000000000002143597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.500{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-33656- 354300x80000000000000002143604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.501{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-58371-false10.0.0.2-53- 354300x80000000000000002143603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.501{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-46231-false10.0.0.2-53- 354300x80000000000000002143602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.501{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-47331-false10.0.0.2-53- 354300x80000000000000002143601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.501{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-45137-false10.0.0.2-53- 354300x80000000000000002143600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.501{ec230001-804e-6262-b983-606faf550000}2726/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-57544-false127.0.0.53-53- 354300x80000000000000002143599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.501{ec230001-804e-6262-b973-0fb02e560000}2724/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-43980-false127.0.0.53-53- 354300x80000000000000002143606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.503{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-57544- 354300x80000000000000002143605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.503{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-43980- 354300x80000000000000002143607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.504{ec230001-804e-6262-b983-606faf550000}2726/usr/lib/apt/methods/httproottcptruefalse10.0.1.20-49556-false52.15.102.108-80- 154100x80000000000000002143608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.507{ec230001-804e-6262-60ba-fe4bbf550000}2727/usr/lib/apt/methods/gpgv-----/usr/lib/apt/methods/gpgv/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 534500x80000000000000002143610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.512{ec230001-804e-6262-60ba-fe4bbf550000}2727/usr/lib/apt/methods/gpgvroot 354300x80000000000000002143609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.512{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse10.0.0.2-53-false10.0.1.20-36806- 154100x80000000000000002143613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.513{ec230001-804e-6262-60ea-87805b550000}2728/usr/lib/apt/methods/gpgv-----/usr/lib/apt/methods/gpgv/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 354300x80000000000000002143612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.513{ec230001-804e-6262-b953-13cb7e550000}2723/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-60758-false127.0.0.53-53- 354300x80000000000000002143611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.513{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-58179- 354300x80000000000000002143615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.514{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-34603-false10.0.0.2-53- 354300x80000000000000002143614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.514{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-59510-false10.0.0.2-53- 354300x80000000000000002143616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.527{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-60758- 154100x80000000000000002143617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.533{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash-----/bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.5bxI7z /tmp/apt.data.8d3ThD/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2729--- 534500x80000000000000002143619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.536{00000000-0000-0000-0000-000000000000}2731<unknown process>_apt 354300x80000000000000002143618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.536{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-47112-false10.0.0.2-53- 154100x80000000000000002143620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.537{ec230001-804e-6262-7304-b8c921560000}2732/usr/bin/apt-config-----apt-config shell MASTER_KEYRING APT::Key::MasterKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 154100x80000000000000002143621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.541{ec230001-804e-6262-70f1-c5f464550000}2733/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7304-b8c921560000}2732/usr/bin/apt-configapt-config_apt 534500x80000000000000002143623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.544{ec230001-804e-6262-7304-b8c921560000}2732/usr/bin/apt-config_apt 534500x80000000000000002143622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.544{ec230001-804e-6262-70f1-c5f464550000}2733/usr/bin/dpkg_apt 154100x80000000000000002143624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.545{ec230001-804e-6262-7314-31eaeb550000}2734/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 154100x80000000000000002143626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.549{ec230001-804e-6262-7041-2d34a0550000}2735/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7314-31eaeb550000}2734/usr/bin/apt-configapt-config_apt 354300x80000000000000002143625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.549{ec230001-804e-6262-b953-13cb7e550000}2723/usr/lib/apt/methods/httproottcptruefalse10.0.1.20-34868-false13.90.56.68-443- 534500x80000000000000002143627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.554{ec230001-804e-6262-7041-2d34a0550000}2735/usr/bin/dpkg_apt 154100x80000000000000002143629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.555{ec230001-804e-6262-7314-5399ac550000}2736/usr/bin/apt-config-----apt-config shell REMOVED_KEYS APT::Key::RemovedKeys/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.555{ec230001-804e-6262-7314-31eaeb550000}2734/usr/bin/apt-config_apt 154100x80000000000000002143630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.560{ec230001-804e-6262-70b1-ce76ac550000}2737/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7314-5399ac550000}2736/usr/bin/apt-configapt-config_apt 534500x80000000000000002143631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.562{ec230001-804e-6262-70b1-ce76ac550000}2737/usr/bin/dpkg_apt 154100x80000000000000002143633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.563{ec230001-804e-6262-7304-55a4f5550000}2738/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.563{ec230001-804e-6262-7314-5399ac550000}2736/usr/bin/apt-config_apt 154100x80000000000000002143634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.569{ec230001-804e-6262-70c1-08fafb550000}2739/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7304-55a4f5550000}2738/usr/bin/apt-configapt-config_apt 534500x80000000000000002143635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.571{ec230001-804e-6262-70c1-08fafb550000}2739/usr/bin/dpkg_apt 534500x80000000000000002143636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.573{ec230001-804e-6262-7304-55a4f5550000}2738/usr/bin/apt-config_apt 154100x80000000000000002143637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.576{ec230001-804e-6262-7324-ebea1e560000}2740/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 154100x80000000000000002143638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.583{ec230001-804e-6262-7021-070fd8550000}2741/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7324-ebea1e560000}2740/usr/bin/apt-configapt-config_apt 534500x80000000000000002143639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.585{ec230001-804e-6262-7021-070fd8550000}2741/usr/bin/dpkg_apt 534500x80000000000000002143640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.586{ec230001-804e-6262-7324-ebea1e560000}2740/usr/bin/apt-config_apt 154100x80000000000000002143641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.587{ec230001-804e-6262-73d4-def108560000}2742/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 354300x80000000000000002143642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.588{ec230001-804e-6262-b973-0fb02e560000}2724/usr/lib/apt/methods/httproottcptruefalse10.0.1.20-55588-false185.125.190.39-80- 154100x80000000000000002143643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.596{ec230001-804e-6262-70e1-4f5d4d560000}2743/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73d4-def108560000}2742/usr/bin/apt-configapt-config_apt 534500x80000000000000002143644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.597{ec230001-804e-6262-70e1-4f5d4d560000}2743/usr/bin/dpkg_apt 534500x80000000000000002143646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.598{ec230001-804e-6262-0000-000000000000}2744-_apt 534500x80000000000000002143645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.598{ec230001-804e-6262-73d4-def108560000}2742/usr/bin/apt-config_apt 154100x80000000000000002143647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.599{ec230001-804e-6262-7304-10debb550000}2745/usr/bin/apt-config-----apt-config shell GPGV Apt::Key::gpgvcommand/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 154100x80000000000000002143648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.609{ec230001-804e-6262-70a1-56df96550000}2746/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7304-10debb550000}2745/usr/bin/apt-configapt-config_apt 534500x80000000000000002143650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.611{ec230001-804e-6262-7304-10debb550000}2745/usr/bin/apt-config_apt 534500x80000000000000002143649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.611{ec230001-804e-6262-70a1-56df96550000}2746/usr/bin/dpkg_apt 154100x80000000000000002143651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.612{ec230001-804e-6262-a850-e38534560000}2747/bin/mktemp-----mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 154100x80000000000000002143653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.613{ec230001-804e-6262-e0f1-7cd995550000}2748/bin/chmod-----chmod 700 /tmp/apt-key-gpghome.N1QYtwIK3O/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.613{ec230001-804e-6262-a850-e38534560000}2747/bin/mktemp_apt 154100x80000000000000002143655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.614{ec230001-804e-6262-c0e5-8e18e0550000}2749/bin/readlink-----readlink -f /tmp/apt-key-gpghome.N1QYtwIK3O/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.614{ec230001-804e-6262-e0f1-7cd995550000}2748/bin/chmod_apt 154100x80000000000000002143657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.615{ec230001-804e-6262-7033-2f490b560000}2750/bin/rm-----rm -f /tmp/apt-key-gpghome.N1QYtwIK3O/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.615{ec230001-804e-6262-c0e5-8e18e0550000}2749/bin/readlink_apt 154100x80000000000000002143659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.619{ec230001-804e-6262-1080-0e8402560000}2751/bin/touch-----touch /tmp/apt-key-gpghome.N1QYtwIK3O/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.619{ec230001-804e-6262-7033-2f490b560000}2750/bin/rm_apt 534500x80000000000000002143660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.620{ec230001-804e-6262-1080-0e8402560000}2751/bin/touch_apt 154100x80000000000000002143661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.621{ec230001-804e-6262-7364-634a4f560000}2752/usr/bin/apt-config-----apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 154100x80000000000000002143662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.626{ec230001-804e-6262-7011-660f73550000}2753/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7364-634a4f560000}2752/usr/bin/apt-configapt-config_apt 534500x80000000000000002143664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.628{ec230001-804e-6262-7364-634a4f560000}2752/usr/bin/apt-config_apt 534500x80000000000000002143663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.628{ec230001-804e-6262-7011-660f73550000}2753/usr/bin/dpkg_apt 534500x80000000000000002143666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.629{ec230001-804e-6262-c065-b71a13560000}2754/bin/readlink_apt 154100x80000000000000002143665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.629{ec230001-804e-6262-c065-b71a13560000}2754/bin/readlink-----readlink -f /etc/apt/trusted.gpg.d//home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 154100x80000000000000002143667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.630{ec230001-804e-6262-90d0-964d96550000}2755/usr/bin/find-----find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 ( -name *.gpg -o -name *.asc )/_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.631{ec230001-804e-6262-90d0-964d96550000}2755/usr/bin/find_apt 154100x80000000000000002143670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.632{ec230001-804e-6262-18ca-f31a46560000}2758/usr/bin/sort-----sort/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2756--- 534500x80000000000000002143669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.632{00000000-0000-0000-0000-000000000000}2757<unknown process>_apt 154100x80000000000000002143674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.633{ec230001-804e-6262-487e-f11b64550000}2760/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.633{00000000-0000-0000-0000-000000000000}2759<unknown process>_apt 534500x80000000000000002143672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.633{00000000-0000-0000-0000-000000000000}2756<unknown process>_apt 534500x80000000000000002143671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.633{ec230001-804e-6262-18ca-f31a46560000}2758/usr/bin/sort_apt 534500x80000000000000002143675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.634{ec230001-804e-6262-487e-f11b64550000}2760/usr/bin/cmp_apt 154100x80000000000000002143677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.635{ec230001-804e-6262-d029-050602560000}2762/bin/cat-----cat /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.635{00000000-0000-0000-0000-000000000000}2761<unknown process>_apt 154100x80000000000000002143680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.636{ec230001-804e-6262-48de-9c99a9550000}2764/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.636{00000000-0000-0000-0000-000000000000}2763<unknown process>_apt 534500x80000000000000002143678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.636{ec230001-804e-6262-d029-050602560000}2762/bin/cat_apt 534500x80000000000000002143681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.637{ec230001-804e-6262-48de-9c99a9550000}2764/usr/bin/cmp_apt 534500x80000000000000002143684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.638{ec230001-804e-6262-d069-0509f4550000}2766/bin/cat_apt 154100x80000000000000002143683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.638{ec230001-804e-6262-d069-0509f4550000}2766/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.638{ec230001-804e-6262-0000-000000000000}2765-_apt 154100x80000000000000002143686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.639{ec230001-804e-6262-486e-e22567550000}2768/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.639{00000000-0000-0000-0000-000000000000}2767<unknown process>_apt 534500x80000000000000002143687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.640{ec230001-804e-6262-486e-e22567550000}2768/usr/bin/cmp_apt 154100x80000000000000002143689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.641{ec230001-804e-6262-d089-9e19eb550000}2770/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.641{00000000-0000-0000-0000-000000000000}2769<unknown process>_apt 154100x80000000000000002143692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.642{ec230001-804e-6262-48ce-1f3a02560000}2772/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.642{ec230001-804e-6262-d089-9e19eb550000}2770/bin/cat_apt 534500x80000000000000002143691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.643{00000000-0000-0000-0000-000000000000}2771<unknown process>_apt 154100x80000000000000002143695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.644{ec230001-804e-6262-d0b9-067e4c560000}2774/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.644{ec230001-804e-6262-0000-000000000000}2773-_apt 534500x80000000000000002143693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.644{ec230001-804e-6262-48ce-1f3a02560000}2772/usr/bin/cmp_apt 154100x80000000000000002143697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.645{ec230001-804e-6262-982a-a43e80550000}2775/bin/cp-----cp -a /tmp/apt-key-gpghome.N1QYtwIK3O/pubring.gpg /tmp/apt-key-gpghome.N1QYtwIK3O/pubring.orig.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.645{ec230001-804e-6262-d0b9-067e4c560000}2774/bin/cat_apt 154100x80000000000000002143700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.652{ec230001-804e-6262-f84a-2ac76b550000}2778/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2776--- 534500x80000000000000002143699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.652{ec230001-804e-6262-0000-000000000000}2777-_apt 534500x80000000000000002143698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.652{ec230001-804e-6262-982a-a43e80550000}2775/bin/cp_apt 154100x80000000000000002143704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.654{ec230001-804e-6262-f8aa-8231f8550000}2781/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2779--- 534500x80000000000000002143703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.654{00000000-0000-0000-0000-000000000000}2780<unknown process>_apt 534500x80000000000000002143702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.654{00000000-0000-0000-0000-000000000000}2776<unknown process>_apt 534500x80000000000000002143701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.654{ec230001-804e-6262-f84a-2ac76b550000}2778/bin/sed_apt 154100x80000000000000002143707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.655{ec230001-804e-6262-789e-3cef24560000}2782/usr/bin/gpgv-----gpgv --homedir /tmp/apt-key-gpghome.N1QYtwIK3O --keyring /tmp/apt-key-gpghome.N1QYtwIK3O/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.5bxI7z /tmp/apt.data.8d3ThD/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.655{00000000-0000-0000-0000-000000000000}2779<unknown process>_apt 534500x80000000000000002143705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.655{ec230001-804e-6262-f8aa-8231f8550000}2781/bin/sed_apt 154100x80000000000000002143709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.665{ec230001-804e-6262-b00f-373d8d550000}2783/usr/bin/gpgconf-----gpgconf --kill all/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.665{ec230001-804e-6262-789e-3cef24560000}2782/usr/bin/gpgv_apt 154100x80000000000000002143710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.666{ec230001-804e-6262-30c8-477bee550000}2784/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart KILLAGENT/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b00f-373d8d550000}2783/usr/bin/gpgconfgpgconf_apt 154100x80000000000000002143712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.669{ec230001-804e-6262-3088-092a04560000}2785/usr/bin/gpg-connect-agent-----gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd killscd /end/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b00f-373d8d550000}2783/usr/bin/gpgconfgpgconf_apt 534500x80000000000000002143711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.669{ec230001-804e-6262-30c8-477bee550000}2784/usr/bin/gpg-connect-agent_apt 534500x80000000000000002143713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.670{ec230001-804e-6262-3088-092a04560000}2785/usr/bin/gpg-connect-agent_apt 154100x80000000000000002143714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.671{ec230001-804e-6262-30a8-41918f550000}2786/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b00f-373d8d550000}2783/usr/bin/gpgconfgpgconf_apt 154100x80000000000000002143717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.672{ec230001-804e-6262-7003-6b01c3550000}2787/bin/rm-----rm -rf /tmp/apt-key-gpghome.N1QYtwIK3O/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.672{ec230001-804e-6262-b00f-373d8d550000}2783/usr/bin/gpgconf_apt 534500x80000000000000002143715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.672{ec230001-804e-6262-30a8-41918f550000}2786/usr/bin/gpg-connect-agent_apt 23542300x80000000000000002143725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.673{ec230001-804e-6262-60ea-87805b550000}2729_apt/usr/lib/apt/methods/gpgv/tmp/apt.sig.5bxI7z--- 23542300x80000000000000002143724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.673{ec230001-804e-6262-60ea-87805b550000}2729_apt/usr/lib/apt/methods/gpgv/tmp/apt.data.8d3ThD--- 23542300x80000000000000002143723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.673{ec230001-804e-6262-60ea-87805b550000}2729_apt/usr/lib/apt/methods/gpgv/tmp/apt.conf.w5bxXw--- 534500x80000000000000002143722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.673{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash_apt 534500x80000000000000002143721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.673{ec230001-804e-6262-7003-6b01c3550000}2787/bin/rm_apt 23542300x80000000000000002143720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.673{ec230001-804e-6262-7003-6b01c3550000}2787_apt/bin/rm/tmp/apt-key-gpghome.N1QYtwIK3O/pubring.gpg--- 23542300x80000000000000002143719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.673{ec230001-804e-6262-7003-6b01c3550000}2787_apt/bin/rm/tmp/apt-key-gpghome.N1QYtwIK3O/pubring.orig.gpg--- 23542300x80000000000000002143718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.673{ec230001-804e-6262-7003-6b01c3550000}2787_apt/bin/rm/tmp/apt-key-gpghome.N1QYtwIK3O/gpg.1.sh--- 23542300x80000000000000002143727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.674{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.GpIMrt--- 534500x80000000000000002143726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.674{ec230001-804e-6262-60ea-87805b550000}2729/usr/lib/apt/methods/gpgv_apt 534500x80000000000000002143729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.682{00000000-0000-0000-0000-000000000000}2788<unknown process>root 23542300x80000000000000002143728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.682{ec230001-60ec-6262-f8ed-f0827b550000}478root/lib/systemd/systemd-udevd/run/udev/queue--- 154100x80000000000000002143730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.687{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash-----/bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.DCb9IM /tmp/apt.data.McZTkQ/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2789--- 154100x80000000000000002143732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.688{ec230001-804e-6262-7324-bce73c560000}2792/usr/bin/apt-config-----apt-config shell MASTER_KEYRING APT::Key::MasterKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.688{00000000-0000-0000-0000-000000000000}2791<unknown process>_apt 154100x80000000000000002143733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.692{ec230001-804e-6262-7091-9ea63b560000}2793/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7324-bce73c560000}2792/usr/bin/apt-configapt-config_apt 154100x80000000000000002143736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.695{ec230001-804e-6262-7374-b48b8f550000}2794/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.695{ec230001-804e-6262-7324-bce73c560000}2792/usr/bin/apt-config_apt 534500x80000000000000002143734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.695{ec230001-804e-6262-7091-9ea63b560000}2793/usr/bin/dpkg_apt 154100x80000000000000002143737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.700{ec230001-804e-6262-70b1-154e64550000}2795/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7374-b48b8f550000}2794/usr/bin/apt-configapt-config_apt 534500x80000000000000002143738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.702{ec230001-804e-6262-70b1-154e64550000}2795/usr/bin/dpkg_apt 154100x80000000000000002143740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.703{ec230001-804e-6262-7384-bd00bc550000}2796/usr/bin/apt-config-----apt-config shell REMOVED_KEYS APT::Key::RemovedKeys/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.703{ec230001-804e-6262-7374-b48b8f550000}2794/usr/bin/apt-config_apt 154100x80000000000000002143741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.707{ec230001-804e-6262-7091-6c490b560000}2797/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7384-bd00bc550000}2796/usr/bin/apt-configapt-config_apt 534500x80000000000000002143742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.709{ec230001-804e-6262-7091-6c490b560000}2797/usr/bin/dpkg_apt 154100x80000000000000002143744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.710{ec230001-804e-6262-7304-34b7d0550000}2798/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.710{ec230001-804e-6262-7384-bd00bc550000}2796/usr/bin/apt-config_apt 154100x80000000000000002143745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.716{ec230001-804e-6262-7041-7aad8f550000}2799/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7304-34b7d0550000}2798/usr/bin/apt-configapt-config_apt 534500x80000000000000002143746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.718{ec230001-804e-6262-7041-7aad8f550000}2799/usr/bin/dpkg_apt 534500x80000000000000002143747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.721{ec230001-804e-6262-7304-34b7d0550000}2798/usr/bin/apt-config_apt 154100x80000000000000002143748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.722{ec230001-804e-6262-7394-b3293a560000}2800/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 154100x80000000000000002143749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.726{ec230001-804e-6262-7051-cde454560000}2801/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7394-b3293a560000}2800/usr/bin/apt-configapt-config_apt 534500x80000000000000002143750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.729{ec230001-804e-6262-7051-cde454560000}2801/usr/bin/dpkg_apt 534500x80000000000000002143751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.730{ec230001-804e-6262-7394-b3293a560000}2800/usr/bin/apt-config_apt 154100x80000000000000002143752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.731{ec230001-804e-6262-73c4-d421a1550000}2802/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 154100x80000000000000002143753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.736{ec230001-804e-6262-70b1-0c822b560000}2803/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73c4-d421a1550000}2802/usr/bin/apt-configapt-config_apt 534500x80000000000000002143756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.738{ec230001-804e-6262-60ea-87805b550000}2804-_apt 534500x80000000000000002143755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.738{ec230001-804e-6262-73c4-d421a1550000}2802/usr/bin/apt-config_apt 534500x80000000000000002143754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.738{ec230001-804e-6262-70b1-0c822b560000}2803/usr/bin/dpkg_apt 154100x80000000000000002143757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.739{ec230001-804e-6262-7394-e90590550000}2805/usr/bin/apt-config-----apt-config shell GPGV Apt::Key::gpgvcommand/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 154100x80000000000000002143758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.744{ec230001-804e-6262-70d1-d37a7f550000}2806/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7394-e90590550000}2805/usr/bin/apt-configapt-config_apt 534500x80000000000000002143759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.746{ec230001-804e-6262-70d1-d37a7f550000}2806/usr/bin/dpkg_apt 154100x80000000000000002143761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.747{ec230001-804e-6262-a8f0-e5fdcb550000}2807/bin/mktemp-----mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.747{ec230001-804e-6262-7394-e90590550000}2805/usr/bin/apt-config_apt 154100x80000000000000002143763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.748{ec230001-804e-6262-e0f1-38da0f560000}2808/bin/chmod-----chmod 700 /tmp/apt-key-gpghome.wbypAABFIG/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.748{ec230001-804e-6262-a8f0-e5fdcb550000}2807/bin/mktemp_apt 154100x80000000000000002143765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.749{ec230001-804e-6262-c0b5-1f26b3550000}2809/bin/readlink-----readlink -f /tmp/apt-key-gpghome.wbypAABFIG/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.749{ec230001-804e-6262-e0f1-38da0f560000}2808/bin/chmod_apt 154100x80000000000000002143769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.750{ec230001-804e-6262-1050-cb8957550000}2811/bin/touch-----touch /tmp/apt-key-gpghome.wbypAABFIG/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.750{ec230001-804e-6262-7083-ca8f1f560000}2810/bin/rm_apt 154100x80000000000000002143767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.750{ec230001-804e-6262-7083-ca8f1f560000}2810/bin/rm-----rm -f /tmp/apt-key-gpghome.wbypAABFIG/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.750{ec230001-804e-6262-c0b5-1f26b3550000}2809/bin/readlink_apt 154100x80000000000000002143771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.751{ec230001-804e-6262-73e4-ca3aa5550000}2812/usr/bin/apt-config-----apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.751{ec230001-804e-6262-1050-cb8957550000}2811/bin/touch_apt 154100x80000000000000002143772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.756{ec230001-804e-6262-70e1-4b1460550000}2813/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73e4-ca3aa5550000}2812/usr/bin/apt-configapt-config_apt 534500x80000000000000002143773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.758{ec230001-804e-6262-70e1-4b1460550000}2813/usr/bin/dpkg_apt 154100x80000000000000002143775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.759{ec230001-804e-6262-c0b5-956d58550000}2814/bin/readlink-----readlink -f /etc/apt/trusted.gpg.d//home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.759{ec230001-804e-6262-73e4-ca3aa5550000}2812/usr/bin/apt-config_apt 154100x80000000000000002143777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.760{ec230001-804e-6262-90b0-62374a560000}2815/usr/bin/find-----find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 ( -name *.gpg -o -name *.asc )/_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.760{ec230001-804e-6262-c0b5-956d58550000}2814/bin/readlink_apt 534500x80000000000000002143778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.761{ec230001-804e-6262-90b0-62374a560000}2815/usr/bin/find_apt 154100x80000000000000002143780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.762{ec230001-804e-6262-185a-45bbdc550000}2818/usr/bin/sort-----sort/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2816--- 534500x80000000000000002143779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.762{00000000-0000-0000-0000-000000000000}2817<unknown process>_apt 154100x80000000000000002143784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.763{ec230001-804e-6262-48ee-1bef8b550000}2820/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.763{00000000-0000-0000-0000-000000000000}2819<unknown process>_apt 534500x80000000000000002143782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.763{ec230001-804e-6262-60ea-87805b550000}2816-_apt 534500x80000000000000002143781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.763{ec230001-804e-6262-185a-45bbdc550000}2818/usr/bin/sort_apt 154100x80000000000000002143787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.764{ec230001-804e-6262-d0f9-4e0ad3550000}2822/bin/cat-----cat /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.764{ec230001-804e-6262-60ea-87805b550000}2821-_apt 534500x80000000000000002143785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.764{ec230001-804e-6262-48ee-1bef8b550000}2820/usr/bin/cmp_apt 154100x80000000000000002143790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.765{ec230001-804e-6262-481e-d62d35560000}2824/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.765{ec230001-804e-6262-d0f9-4e0ad3550000}2822/bin/cat_apt 534500x80000000000000002143791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.766{ec230001-804e-6262-481e-d62d35560000}2824/usr/bin/cmp_apt 534500x80000000000000002143789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.766{00000000-0000-0000-0000-000000000000}2823<unknown process>_apt 154100x80000000000000002143793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.767{ec230001-804e-6262-d0b9-9af0f6550000}2826/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.767{ec230001-804e-6262-60ea-87805b550000}2825-_apt 154100x80000000000000002143796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.768{ec230001-804e-6262-482e-b04d41560000}2828/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.768{00000000-0000-0000-0000-000000000000}2827<unknown process>_apt 534500x80000000000000002143794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.768{ec230001-804e-6262-d0b9-9af0f6550000}2826/bin/cat_apt 154100x80000000000000002143799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.769{ec230001-804e-6262-d099-40e655550000}2830/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.769{ec230001-804e-6262-60ea-87805b550000}2829-_apt 534500x80000000000000002143797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.769{ec230001-804e-6262-482e-b04d41560000}2828/usr/bin/cmp_apt 154100x80000000000000002143802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.770{ec230001-804e-6262-486e-725ba8550000}2832/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.770{ec230001-804e-6262-0000-000000000000}2831-_apt 534500x80000000000000002143800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.770{ec230001-804e-6262-d099-40e655550000}2830/bin/cat_apt 154100x80000000000000002143805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.771{ec230001-804e-6262-d059-d517b4550000}2834/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.771{ec230001-804e-6262-0000-000000000000}2833-_apt 534500x80000000000000002143803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.771{ec230001-804e-6262-486e-725ba8550000}2832/usr/bin/cmp_apt 154100x80000000000000002143807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.773{ec230001-804e-6262-988a-72b323560000}2835/bin/cp-----cp -a /tmp/apt-key-gpghome.wbypAABFIG/pubring.gpg /tmp/apt-key-gpghome.wbypAABFIG/pubring.orig.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.773{ec230001-804e-6262-d059-d517b4550000}2834/bin/cat_apt 154100x80000000000000002143810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.775{ec230001-804e-6262-f80a-acfcb8550000}2838/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2836--- 534500x80000000000000002143809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.775{00000000-0000-0000-0000-000000000000}2837<unknown process>_apt 534500x80000000000000002143808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.775{ec230001-804e-6262-988a-72b323560000}2835/bin/cp_apt 154100x80000000000000002143814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.777{ec230001-804e-6262-f82a-e75a59550000}2841/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2839--- 534500x80000000000000002143812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.777{00000000-0000-0000-0000-000000000000}2836<unknown process>_apt 534500x80000000000000002143811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.777{ec230001-804e-6262-f80a-acfcb8550000}2838/bin/sed_apt 534500x80000000000000002143813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.778{00000000-0000-0000-0000-000000000000}2840<unknown process>_apt 154100x80000000000000002143817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.779{ec230001-804e-6262-789e-178435560000}2842/usr/bin/gpgv-----gpgv --homedir /tmp/apt-key-gpghome.wbypAABFIG --keyring /tmp/apt-key-gpghome.wbypAABFIG/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.DCb9IM /tmp/apt.data.McZTkQ/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.779{00000000-0000-0000-0000-000000000000}2839<unknown process>_apt 534500x80000000000000002143815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.779{ec230001-804e-6262-f82a-e75a59550000}2841/bin/sed_apt 154100x80000000000000002143819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.783{ec230001-804e-6262-b03f-f72db1550000}2843/usr/bin/gpgconf-----gpgconf --kill all/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.783{ec230001-804e-6262-789e-178435560000}2842/usr/bin/gpgv_apt 154100x80000000000000002143820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.784{ec230001-804e-6262-30c8-ff940d560000}2844/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart KILLAGENT/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b03f-f72db1550000}2843/usr/bin/gpgconfgpgconf_apt 154100x80000000000000002143822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.786{ec230001-804e-6262-3048-2930b0550000}2845/usr/bin/gpg-connect-agent-----gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd killscd /end/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b03f-f72db1550000}2843/usr/bin/gpgconfgpgconf_apt 534500x80000000000000002143821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.786{ec230001-804e-6262-30c8-ff940d560000}2844/usr/bin/gpg-connect-agent_apt 154100x80000000000000002143824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.787{ec230001-804e-6262-30f8-1f9d45560000}2846/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b03f-f72db1550000}2843/usr/bin/gpgconfgpgconf_apt 534500x80000000000000002143823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.787{ec230001-804e-6262-3048-2930b0550000}2845/usr/bin/gpg-connect-agent_apt 154100x80000000000000002143827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.789{ec230001-804e-6262-7043-4ae795550000}2847/bin/rm-----rm -rf /tmp/apt-key-gpghome.wbypAABFIG/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.789{ec230001-804e-6262-b03f-f72db1550000}2843/usr/bin/gpgconf_apt 534500x80000000000000002143825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.789{ec230001-804e-6262-30f8-1f9d45560000}2846/usr/bin/gpg-connect-agent_apt 23542300x80000000000000002143835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.790{ec230001-804e-6262-60ea-87805b550000}2789_apt/usr/lib/apt/methods/gpgv/tmp/apt.sig.DCb9IM--- 23542300x80000000000000002143834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.790{ec230001-804e-6262-60ea-87805b550000}2789_apt/usr/lib/apt/methods/gpgv/tmp/apt.data.McZTkQ--- 23542300x80000000000000002143833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.790{ec230001-804e-6262-60ea-87805b550000}2789_apt/usr/lib/apt/methods/gpgv/tmp/apt.conf.EqDo7I--- 534500x80000000000000002143832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.790{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash_apt 534500x80000000000000002143831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.790{ec230001-804e-6262-7043-4ae795550000}2847/bin/rm_apt 23542300x80000000000000002143830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.790{ec230001-804e-6262-7043-4ae795550000}2847_apt/bin/rm/tmp/apt-key-gpghome.wbypAABFIG/pubring.gpg--- 23542300x80000000000000002143829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.790{ec230001-804e-6262-7043-4ae795550000}2847_apt/bin/rm/tmp/apt-key-gpghome.wbypAABFIG/pubring.orig.gpg--- 23542300x80000000000000002143828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.790{ec230001-804e-6262-7043-4ae795550000}2847_apt/bin/rm/tmp/apt-key-gpghome.wbypAABFIG/gpg.1.sh--- 23542300x80000000000000002143837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.791{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.f9Fbmx--- 534500x80000000000000002143836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.791{ec230001-804e-6262-60ea-87805b550000}2789/usr/lib/apt/methods/gpgv_apt 23542300x80000000000000002143838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.793{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.co5UgB--- 154100x80000000000000002143839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.801{ec230001-804e-6262-6892-129335560000}2849/bin/dash-----/bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.ngwuXX /tmp/apt.data.baxJS1/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2848--- 534500x80000000000000002143840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.806{ec230001-804e-6262-0000-000000000000}2850-_apt 154100x80000000000000002143841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.807{ec230001-804e-6262-7314-52c398550000}2851/usr/bin/apt-config-----apt-config shell MASTER_KEYRING APT::Key::MasterKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 154100x80000000000000002143842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.812{ec230001-804e-6262-7031-7c4afd550000}2852/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7314-52c398550000}2851/usr/bin/apt-configapt-config_apt 534500x80000000000000002143843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.814{ec230001-804e-6262-7031-7c4afd550000}2852/usr/bin/dpkg_apt 154100x80000000000000002143845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.815{ec230001-804e-6262-73f4-1b6805560000}2853/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.815{ec230001-804e-6262-7314-52c398550000}2851/usr/bin/apt-config_apt 154100x80000000000000002143846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.820{ec230001-804e-6262-70b1-e02a9f550000}2854/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73f4-1b6805560000}2853/usr/bin/apt-configapt-config_apt 154100x80000000000000002143849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.822{ec230001-804e-6262-7344-5e2aad550000}2855/usr/bin/apt-config-----apt-config shell REMOVED_KEYS APT::Key::RemovedKeys/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.822{ec230001-804e-6262-73f4-1b6805560000}2853/usr/bin/apt-config_apt 534500x80000000000000002143847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.822{ec230001-804e-6262-70b1-e02a9f550000}2854/usr/bin/dpkg_apt 154100x80000000000000002143850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.829{ec230001-804e-6262-7031-49013a560000}2856/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7344-5e2aad550000}2855/usr/bin/apt-configapt-config_apt 534500x80000000000000002143851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.831{ec230001-804e-6262-7031-49013a560000}2856/usr/bin/dpkg_apt 154100x80000000000000002143853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.832{ec230001-804e-6262-73a4-da7c83550000}2857/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.832{ec230001-804e-6262-7344-5e2aad550000}2855/usr/bin/apt-config_apt 154100x80000000000000002143854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.836{ec230001-804e-6262-7021-727272550000}2858/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73a4-da7c83550000}2857/usr/bin/apt-configapt-config_apt 534500x80000000000000002143855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.839{ec230001-804e-6262-7021-727272550000}2858/usr/bin/dpkg_apt 154100x80000000000000002143857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.840{ec230001-804e-6262-7384-098793550000}2859/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.840{ec230001-804e-6262-73a4-da7c83550000}2857/usr/bin/apt-config_apt 154100x80000000000000002143859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.845{ec230001-804e-6262-8915-2a0ffc550000}2861/usr/lib/apt/methods/store-----/usr/lib/apt/methods/store/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 154100x80000000000000002143858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.845{ec230001-804e-6262-7071-4521ef550000}2860/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7384-098793550000}2859/usr/bin/apt-configapt-config_apt 154100x80000000000000002143862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.847{ec230001-804e-6262-7344-b33dc7550000}2862/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.847{ec230001-804e-6262-7384-098793550000}2859/usr/bin/apt-config_apt 534500x80000000000000002143860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.847{ec230001-804e-6262-7071-4521ef550000}2860/usr/bin/dpkg_apt 154100x80000000000000002143864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.849{ec230001-804e-6262-8965-0e7ce9550000}2863/usr/lib/apt/methods/store-----/usr/lib/apt/methods/store/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 534500x80000000000000002143863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.849{ec230001-804e-6262-8915-2a0ffc550000}2861/usr/lib/apt/methods/storeroot 154100x80000000000000002143865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.853{ec230001-804e-6262-70f1-fac237560000}2864/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7344-b33dc7550000}2862/usr/bin/apt-configapt-config_apt 534500x80000000000000002143867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.856{ec230001-804e-6262-7344-b33dc7550000}2862/usr/bin/apt-config_apt 534500x80000000000000002143866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.856{ec230001-804e-6262-70f1-fac237560000}2864/usr/bin/dpkg_apt 154100x80000000000000002143869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.857{ec230001-804e-6262-7354-1c83dc550000}2866/usr/bin/apt-config-----apt-config shell GPGV Apt::Key::gpgvcommand/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.857{ec230001-804e-6262-0000-000000000000}2865-_apt 154100x80000000000000002143870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.862{ec230001-804e-6262-7021-0c7265550000}2867/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7354-1c83dc550000}2866/usr/bin/apt-configapt-config_apt 534500x80000000000000002143871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.863{ec230001-804e-6262-7021-0c7265550000}2867/usr/bin/dpkg_apt 154100x80000000000000002143873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.864{ec230001-804e-6262-a8b0-539379550000}2868/bin/mktemp-----mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.864{ec230001-804e-6262-7354-1c83dc550000}2866/usr/bin/apt-config_apt 154100x80000000000000002143875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.865{ec230001-804e-6262-e061-503985550000}2869/bin/chmod-----chmod 700 /tmp/apt-key-gpghome.M5BY5OUQ5C/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.865{ec230001-804e-6262-a8b0-539379550000}2868/bin/mktemp_apt 154100x80000000000000002143877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.866{ec230001-804e-6262-c0c5-fe1f8b550000}2870/bin/readlink-----readlink -f /tmp/apt-key-gpghome.M5BY5OUQ5C/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.866{ec230001-804e-6262-e061-503985550000}2869/bin/chmod_apt 154100x80000000000000002143879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.867{ec230001-804e-6262-70e3-13523d560000}2871/bin/rm-----rm -f /tmp/apt-key-gpghome.M5BY5OUQ5C/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.867{ec230001-804e-6262-c0c5-fe1f8b550000}2870/bin/readlink_apt 154100x80000000000000002143881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.868{ec230001-804e-6262-1020-017ce1550000}2872/bin/touch-----touch /tmp/apt-key-gpghome.M5BY5OUQ5C/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.868{ec230001-804e-6262-70e3-13523d560000}2871/bin/rm_apt 154100x80000000000000002143883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.869{ec230001-804e-6262-73a4-6b8c50560000}2873/usr/bin/apt-config-----apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.869{ec230001-804e-6262-1020-017ce1550000}2872/bin/touch_apt 154100x80000000000000002143884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.874{ec230001-804e-6262-7011-3bedd0550000}2874/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73a4-6b8c50560000}2873/usr/bin/apt-configapt-config_apt 534500x80000000000000002143885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.876{ec230001-804e-6262-7011-3bedd0550000}2874/usr/bin/dpkg_apt 154100x80000000000000002143887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.877{ec230001-804e-6262-c005-da9bbf550000}2875/bin/readlink-----readlink -f /etc/apt/trusted.gpg.d//home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.877{ec230001-804e-6262-73a4-6b8c50560000}2873/usr/bin/apt-config_apt 154100x80000000000000002143889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.878{ec230001-804e-6262-9060-c74b73550000}2876/usr/bin/find-----find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 ( -name *.gpg -o -name *.asc )/_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.878{ec230001-804e-6262-c005-da9bbf550000}2875/bin/readlink_apt 534500x80000000000000002143890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.879{ec230001-804e-6262-9060-c74b73550000}2876/usr/bin/find_apt 154100x80000000000000002143892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.880{ec230001-804e-6262-18ca-4e7d3c560000}2879/usr/bin/sort-----sort/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2877--- 534500x80000000000000002143891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.880{ec230001-804e-6262-0000-000000000000}2878-_apt 154100x80000000000000002143896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.881{ec230001-804e-6262-482e-d8c8c7550000}2881/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.881{00000000-0000-0000-0000-000000000000}2877<unknown process>_apt 534500x80000000000000002143893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.881{ec230001-804e-6262-18ca-4e7d3c560000}2879/usr/bin/sort_apt 534500x80000000000000002143898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.882{ec230001-804e-6262-0000-000000000000}2882-_apt 534500x80000000000000002143897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.882{ec230001-804e-6262-482e-d8c8c7550000}2881/usr/bin/cmp_apt 534500x80000000000000002143895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.882{00000000-0000-0000-0000-000000000000}2880<unknown process>_apt 534500x80000000000000002143900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.883{ec230001-804e-6262-d009-b6f7d0550000}2883/bin/cat_apt 154100x80000000000000002143899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.883{ec230001-804e-6262-d009-b6f7d0550000}2883/bin/cat-----cat /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.884{ec230001-804e-6262-489e-7b0360550000}2885/usr/bin/cmp_apt 534500x80000000000000002143902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.884{00000000-0000-0000-0000-000000000000}2884<unknown process>_apt 154100x80000000000000002143901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.884{ec230001-804e-6262-489e-7b0360550000}2885/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 154100x80000000000000002143905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.885{ec230001-804e-6262-d0a9-bb1bfb550000}2887/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.885{ec230001-804e-6262-0000-000000000000}2886-_apt 154100x80000000000000002143908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.886{ec230001-804e-6262-488e-0c7e16560000}2889/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.886{00000000-0000-0000-0000-000000000000}2888<unknown process>_apt 534500x80000000000000002143906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.886{ec230001-804e-6262-d0a9-bb1bfb550000}2887/bin/cat_apt 154100x80000000000000002143911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.887{ec230001-804e-6262-d059-5f3a99550000}2891/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.887{ec230001-804e-6262-0000-000000000000}2890-_apt 534500x80000000000000002143909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.887{ec230001-804e-6262-488e-0c7e16560000}2889/usr/bin/cmp_apt 154100x80000000000000002143914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.888{ec230001-804e-6262-488e-795e78550000}2893/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.888{ec230001-804e-6262-0000-000000000000}2892-_apt 534500x80000000000000002143912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.888{ec230001-804e-6262-d059-5f3a99550000}2891/bin/cat_apt 534500x80000000000000002143916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.889{ec230001-804e-6262-0000-000000000000}2894-_apt 534500x80000000000000002143915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.889{ec230001-804e-6262-488e-795e78550000}2893/usr/bin/cmp_apt 534500x80000000000000002143918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.890{ec230001-804e-6262-d079-5cc6c2550000}2895/bin/cat_apt 154100x80000000000000002143917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.890{ec230001-804e-6262-d079-5cc6c2550000}2895/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 154100x80000000000000002143919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.893{ec230001-804e-6262-980a-af82aa550000}2896/bin/cp-----cp -a /tmp/apt-key-gpghome.M5BY5OUQ5C/pubring.gpg /tmp/apt-key-gpghome.M5BY5OUQ5C/pubring.orig.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.895{ec230001-804e-6262-0000-000000000000}2898-_apt 154100x80000000000000002143921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.895{ec230001-804e-6262-f8fa-dcd863550000}2899/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2897--- 534500x80000000000000002143920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.895{ec230001-804e-6262-980a-af82aa550000}2896/bin/cp_apt 154100x80000000000000002143926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.897{ec230001-804e-6262-f83a-0fef6d550000}2902/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2900--- 534500x80000000000000002143925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.897{ec230001-804e-6262-0000-000000000000}2901-_apt 534500x80000000000000002143924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.897{ec230001-804e-6262-0000-000000000000}2897-_apt 534500x80000000000000002143923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.897{ec230001-804e-6262-f8fa-dcd863550000}2899/bin/sed_apt 154100x80000000000000002143929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.899{ec230001-804e-6262-78ce-6e6320560000}2903/usr/bin/gpgv-----gpgv --homedir /tmp/apt-key-gpghome.M5BY5OUQ5C --keyring /tmp/apt-key-gpghome.M5BY5OUQ5C/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.ngwuXX /tmp/apt.data.baxJS1/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.899{ec230001-804e-6262-0000-000000000000}2900-_apt 534500x80000000000000002143927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.899{ec230001-804e-6262-f83a-0fef6d550000}2902/bin/sed_apt 154100x80000000000000002143931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.902{ec230001-804e-6262-b0cf-888749560000}2904/usr/bin/gpgconf-----gpgconf --kill all/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.902{ec230001-804e-6262-78ce-6e6320560000}2903/usr/bin/gpgv_apt 154100x80000000000000002143932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.903{ec230001-804e-6262-3038-e013c0550000}2905/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart KILLAGENT/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b0cf-888749560000}2904/usr/bin/gpgconfgpgconf_apt 154100x80000000000000002143934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.905{ec230001-804e-6262-30f8-2050a7550000}2906/usr/bin/gpg-connect-agent-----gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd killscd /end/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b0cf-888749560000}2904/usr/bin/gpgconfgpgconf_apt 534500x80000000000000002143933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.905{ec230001-804e-6262-3038-e013c0550000}2905/usr/bin/gpg-connect-agent_apt 154100x80000000000000002143936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.906{ec230001-804e-6262-30b8-b93943560000}2907/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b0cf-888749560000}2904/usr/bin/gpgconfgpgconf_apt 534500x80000000000000002143935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.906{ec230001-804e-6262-30f8-2050a7550000}2906/usr/bin/gpg-connect-agent_apt 154100x80000000000000002143939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.908{ec230001-804e-6262-70b3-cfe791550000}2908/bin/rm-----rm -rf /tmp/apt-key-gpghome.M5BY5OUQ5C/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.908{ec230001-804e-6262-b0cf-888749560000}2904/usr/bin/gpgconf_apt 534500x80000000000000002143937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.908{ec230001-804e-6262-30b8-b93943560000}2907/usr/bin/gpg-connect-agent_apt 534500x80000000000000002143944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.909{ec230001-804e-6262-6892-129335560000}2849/bin/dash_apt 534500x80000000000000002143943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.909{ec230001-804e-6262-70b3-cfe791550000}2908/bin/rm_apt 23542300x80000000000000002143942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.909{ec230001-804e-6262-70b3-cfe791550000}2908_apt/bin/rm/tmp/apt-key-gpghome.M5BY5OUQ5C/pubring.gpg--- 23542300x80000000000000002143941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.909{ec230001-804e-6262-70b3-cfe791550000}2908_apt/bin/rm/tmp/apt-key-gpghome.M5BY5OUQ5C/pubring.orig.gpg--- 23542300x80000000000000002143940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.909{ec230001-804e-6262-70b3-cfe791550000}2908_apt/bin/rm/tmp/apt-key-gpghome.M5BY5OUQ5C/gpg.1.sh--- 534500x80000000000000002143948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.910{ec230001-804e-6262-60ea-87805b550000}2848/usr/lib/apt/methods/gpgv_apt 23542300x80000000000000002143947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.910{ec230001-804e-6262-60ea-87805b550000}2848_apt/usr/lib/apt/methods/gpgv/tmp/apt.sig.ngwuXX--- 23542300x80000000000000002143946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.910{ec230001-804e-6262-60ea-87805b550000}2848_apt/usr/lib/apt/methods/gpgv/tmp/apt.data.baxJS1--- 23542300x80000000000000002143945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.910{ec230001-804e-6262-60ea-87805b550000}2848_apt/usr/lib/apt/methods/gpgv/tmp/apt.conf.TFHf2T--- 23542300x80000000000000002143949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.911{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.TG3xvF--- 23542300x80000000000000002143950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.913{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.2vcxKJ--- 154100x80000000000000002143951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.917{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash-----/bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.DYEwG3 /tmp/apt.data.oSv6V7/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2909--- 534500x80000000000000002143952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.918{ec230001-804e-6262-0000-000000000000}2911-_apt 154100x80000000000000002143953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.919{ec230001-804e-6262-73a4-6ec3a0550000}2912/usr/bin/apt-config-----apt-config shell MASTER_KEYRING APT::Key::MasterKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 154100x80000000000000002143954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.925{ec230001-804e-6262-7001-aa246a550000}2913/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73a4-6ec3a0550000}2912/usr/bin/apt-configapt-config_apt 534500x80000000000000002143955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.927{ec230001-804e-6262-7001-aa246a550000}2913/usr/bin/dpkg_apt 154100x80000000000000002143957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.928{ec230001-804e-6262-7324-c11aee550000}2914/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.928{ec230001-804e-6262-73a4-6ec3a0550000}2912/usr/bin/apt-config_apt 154100x80000000000000002143958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.934{ec230001-804e-6262-7061-15d665550000}2915/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7324-c11aee550000}2914/usr/bin/apt-configapt-config_apt 534500x80000000000000002143959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.936{ec230001-804e-6262-7061-15d665550000}2915/usr/bin/dpkg_apt 154100x80000000000000002143961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.937{ec230001-804e-6262-7384-1b825b550000}2916/usr/bin/apt-config-----apt-config shell REMOVED_KEYS APT::Key::RemovedKeys/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.937{ec230001-804e-6262-7324-c11aee550000}2914/usr/bin/apt-config_apt 154100x80000000000000002143962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.941{ec230001-804e-6262-70c1-2a9d6e550000}2917/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7384-1b825b550000}2916/usr/bin/apt-configapt-config_apt 534500x80000000000000002143964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.944{ec230001-804e-6262-7384-1b825b550000}2916/usr/bin/apt-config_apt 534500x80000000000000002143963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.944{ec230001-804e-6262-70c1-2a9d6e550000}2917/usr/bin/dpkg_apt 154100x80000000000000002143965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.945{ec230001-804e-6262-73b4-a5c48c550000}2918/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 154100x80000000000000002143966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.949{ec230001-804e-6262-70d1-492d62550000}2919/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73b4-a5c48c550000}2918/usr/bin/apt-configapt-config_apt 534500x80000000000000002143967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.955{ec230001-804e-6262-70d1-492d62550000}2919/usr/bin/dpkg_apt 154100x80000000000000002143969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.956{ec230001-804e-6262-7334-e72a20560000}2920/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.956{ec230001-804e-6262-73b4-a5c48c550000}2918/usr/bin/apt-config_apt 154100x80000000000000002143970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.963{ec230001-804e-6262-70f1-315b4f560000}2921/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7334-e72a20560000}2920/usr/bin/apt-configapt-config_apt 534500x80000000000000002143971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.965{ec230001-804e-6262-70f1-315b4f560000}2921/usr/bin/dpkg_apt 154100x80000000000000002143973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.966{ec230001-804e-6262-73f4-9d1e58550000}2922/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.966{ec230001-804e-6262-7334-e72a20560000}2920/usr/bin/apt-config_apt 154100x80000000000000002143974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.971{ec230001-804e-6262-7041-056bdc550000}2923/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73f4-9d1e58550000}2922/usr/bin/apt-configapt-config_apt 534500x80000000000000002143976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.974{ec230001-804e-6262-73f4-9d1e58550000}2922/usr/bin/apt-config_apt 534500x80000000000000002143975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.974{ec230001-804e-6262-7041-056bdc550000}2923/usr/bin/dpkg_apt 154100x80000000000000002143978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.975{ec230001-804e-6262-7364-735f52560000}2925/usr/bin/apt-config-----apt-config shell GPGV Apt::Key::gpgvcommand/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.975{ec230001-804e-6262-0000-000000000000}2924-_apt 154100x80000000000000002143979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.982{ec230001-804e-6262-7011-f45ed8550000}2926/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7364-735f52560000}2925/usr/bin/apt-configapt-config_apt 154100x80000000000000002143982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.985{ec230001-804e-6262-a890-8dbf04560000}2927/bin/mktemp-----mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.985{ec230001-804e-6262-7364-735f52560000}2925/usr/bin/apt-config_apt 534500x80000000000000002143980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.985{ec230001-804e-6262-7011-f45ed8550000}2926/usr/bin/dpkg_apt 154100x80000000000000002143984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.986{ec230001-804e-6262-e0e1-eecf40560000}2928/bin/chmod-----chmod 700 /tmp/apt-key-gpghome.RA0sX6hrkW/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.986{ec230001-804e-6262-a890-8dbf04560000}2927/bin/mktemp_apt 534500x80000000000000002143985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.987{ec230001-804e-6262-e0e1-eecf40560000}2928/bin/chmod_apt 154100x80000000000000002143988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.988{ec230001-804e-6262-7013-cf39eb550000}2930/bin/rm-----rm -f /tmp/apt-key-gpghome.RA0sX6hrkW/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.988{ec230001-804e-6262-c005-97eabb550000}2929/bin/readlink_apt 154100x80000000000000002143986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.988{ec230001-804e-6262-c005-97eabb550000}2929/bin/readlink-----readlink -f /tmp/apt-key-gpghome.RA0sX6hrkW/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 154100x80000000000000002143990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.989{ec230001-804e-6262-1030-13cb16560000}2931/bin/touch-----touch /tmp/apt-key-gpghome.RA0sX6hrkW/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.989{ec230001-804e-6262-7013-cf39eb550000}2930/bin/rm_apt 154100x80000000000000002143992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.990{ec230001-804e-6262-73c4-f20c6e550000}2932/usr/bin/apt-config-----apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.990{ec230001-804e-6262-1030-13cb16560000}2931/bin/touch_apt 154100x80000000000000002143993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.995{ec230001-804e-6262-70d1-fec531560000}2933/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73c4-f20c6e550000}2932/usr/bin/apt-configapt-config_apt 154100x80000000000000002143996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.997{ec230001-804e-6262-c0d5-df91e5550000}2934/bin/readlink-----readlink -f /etc/apt/trusted.gpg.d//home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.997{ec230001-804e-6262-73c4-f20c6e550000}2932/usr/bin/apt-config_apt 534500x80000000000000002143994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.997{ec230001-804e-6262-70d1-fec531560000}2933/usr/bin/dpkg_apt 154100x80000000000000002143998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.998{ec230001-804e-6262-90a0-ac3dc4550000}2935/usr/bin/find-----find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 ( -name *.gpg -o -name *.asc )/_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.998{ec230001-804e-6262-c0d5-df91e5550000}2934/bin/readlink_apt 154100x80000000000000002144001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.000{ec230001-804f-6262-187a-99d0af550000}2938/usr/bin/sort-----sort/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2936--- 534500x80000000000000002144000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.000{ec230001-804e-6262-0000-000000000000}2937-_apt 534500x80000000000000002143999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.000{ec230001-804e-6262-90a0-ac3dc4550000}2935/usr/bin/find_apt 534500x80000000000000002144003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.001{ec230001-804e-6262-0000-000000000000}2936-_apt 534500x80000000000000002144002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.001{ec230001-804f-6262-187a-99d0af550000}2938/usr/bin/sort_apt 154100x80000000000000002144005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.002{ec230001-804f-6262-48de-3455c1550000}2940/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.002{00000000-0000-0000-0000-000000000000}2939<unknown process>_apt 154100x80000000000000002144008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.003{ec230001-804f-6262-d0f9-fc3f36560000}2942/bin/cat-----cat /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.003{ec230001-804e-6262-0000-000000000000}2941-_apt 534500x80000000000000002144006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.003{ec230001-804f-6262-48de-3455c1550000}2940/usr/bin/cmp_apt 154100x80000000000000002144011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.004{ec230001-804f-6262-485e-00beb7550000}2944/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.004{00000000-0000-0000-0000-000000000000}2943<unknown process>_apt 534500x80000000000000002144009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.004{ec230001-804f-6262-d0f9-fc3f36560000}2942/bin/cat_apt 534500x80000000000000002144013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.005{ec230001-804e-6262-0000-000000000000}2945-_apt 534500x80000000000000002144012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.005{ec230001-804f-6262-485e-00beb7550000}2944/usr/bin/cmp_apt 154100x80000000000000002144017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.006{ec230001-804f-6262-481e-04a3c4550000}2948/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.006{ec230001-804f-6262-d009-17e050560000}2946/bin/cat_apt 154100x80000000000000002144014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.006{ec230001-804f-6262-d009-17e050560000}2946/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.007{ec230001-804e-6262-0000-000000000000}2949-_apt 534500x80000000000000002144018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.007{ec230001-804f-6262-481e-04a3c4550000}2948/usr/bin/cmp_apt 534500x80000000000000002144016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.007{00000000-0000-0000-0000-000000000000}2947<unknown process>_apt 534500x80000000000000002144021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.008{ec230001-804f-6262-d029-767b66550000}2950/bin/cat_apt 154100x80000000000000002144020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.008{ec230001-804f-6262-d029-767b66550000}2950/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.009{ec230001-804f-6262-48ce-ce347b550000}2952/usr/bin/cmp_apt 154100x80000000000000002144023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.009{ec230001-804f-6262-48ce-ce347b550000}2952/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.009{00000000-0000-0000-0000-000000000000}2951<unknown process>_apt 534500x80000000000000002144027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.010{ec230001-804f-6262-d039-d08627560000}2954/bin/cat_apt 154100x80000000000000002144026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.010{ec230001-804f-6262-d039-d08627560000}2954/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.010{00000000-0000-0000-0000-000000000000}2953<unknown process>_apt 154100x80000000000000002144028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.011{ec230001-804f-6262-98ca-a9be3a560000}2955/bin/cp-----cp -a /tmp/apt-key-gpghome.RA0sX6hrkW/pubring.gpg /tmp/apt-key-gpghome.RA0sX6hrkW/pubring.orig.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.012{ec230001-804f-6262-98ca-a9be3a560000}2955/bin/cp_apt 154100x80000000000000002144031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.013{ec230001-804f-6262-f8fa-b08037560000}2958/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2956--- 534500x80000000000000002144030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.013{ec230001-804e-6262-0000-000000000000}2957-_apt 534500x80000000000000002144033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.014{ec230001-804f-6262-0000-000000000000}2956-_apt 534500x80000000000000002144032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.014{ec230001-804f-6262-f8fa-b08037560000}2958/bin/sed_apt 154100x80000000000000002144035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.017{ec230001-804f-6262-f82a-03561c560000}2961/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2959--- 534500x80000000000000002144034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.017{00000000-0000-0000-0000-000000000000}2960<unknown process>_apt 154100x80000000000000002144038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.018{ec230001-804f-6262-78ee-d79445560000}2962/usr/bin/gpgv-----gpgv --homedir /tmp/apt-key-gpghome.RA0sX6hrkW --keyring /tmp/apt-key-gpghome.RA0sX6hrkW/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.DYEwG3 /tmp/apt.data.oSv6V7/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.018{ec230001-804f-6262-0000-000000000000}2959-_apt 534500x80000000000000002144036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.018{ec230001-804f-6262-f82a-03561c560000}2961/bin/sed_apt 154100x80000000000000002144040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.021{ec230001-804f-6262-b05f-18ff09560000}2963/usr/bin/gpgconf-----gpgconf --kill all/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.021{ec230001-804f-6262-78ee-d79445560000}2962/usr/bin/gpgv_apt 154100x80000000000000002144041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.022{ec230001-804f-6262-3088-1bb2e7550000}2964/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart KILLAGENT/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-b05f-18ff09560000}2963/usr/bin/gpgconfgpgconf_apt 154100x80000000000000002144043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.024{ec230001-804f-6262-30a8-819087550000}2965/usr/bin/gpg-connect-agent-----gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd killscd /end/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-b05f-18ff09560000}2963/usr/bin/gpgconfgpgconf_apt 534500x80000000000000002144042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.024{ec230001-804f-6262-3088-1bb2e7550000}2964/usr/bin/gpg-connect-agent_apt 534500x80000000000000002144044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.025{ec230001-804f-6262-30a8-819087550000}2965/usr/bin/gpg-connect-agent_apt 154100x80000000000000002144045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.026{ec230001-804f-6262-30b8-118536560000}2966/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-b05f-18ff09560000}2963/usr/bin/gpgconfgpgconf_apt 154100x80000000000000002144048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.027{ec230001-804f-6262-7043-4d16df550000}2967/bin/rm-----rm -rf /tmp/apt-key-gpghome.RA0sX6hrkW/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.027{ec230001-804f-6262-b05f-18ff09560000}2963/usr/bin/gpgconf_apt 534500x80000000000000002144046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.027{ec230001-804f-6262-30b8-118536560000}2966/usr/bin/gpg-connect-agent_apt 23542300x80000000000000002144051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.028{ec230001-804f-6262-7043-4d16df550000}2967_apt/bin/rm/tmp/apt-key-gpghome.RA0sX6hrkW/pubring.gpg--- 23542300x80000000000000002144050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.028{ec230001-804f-6262-7043-4d16df550000}2967_apt/bin/rm/tmp/apt-key-gpghome.RA0sX6hrkW/pubring.orig.gpg--- 23542300x80000000000000002144049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.028{ec230001-804f-6262-7043-4d16df550000}2967_apt/bin/rm/tmp/apt-key-gpghome.RA0sX6hrkW/gpg.1.sh--- 23542300x80000000000000002144056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.029{ec230001-804e-6262-60ea-87805b550000}2909_apt/usr/lib/apt/methods/gpgv/tmp/apt.sig.DYEwG3--- 23542300x80000000000000002144055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.029{ec230001-804e-6262-60ea-87805b550000}2909_apt/usr/lib/apt/methods/gpgv/tmp/apt.data.oSv6V7--- 23542300x80000000000000002144054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.029{ec230001-804e-6262-60ea-87805b550000}2909_apt/usr/lib/apt/methods/gpgv/tmp/apt.conf.ME2WqZ--- 534500x80000000000000002144053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.029{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash_apt 534500x80000000000000002144052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.029{ec230001-804f-6262-7043-4d16df550000}2967/bin/rm_apt 23542300x80000000000000002144059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.030{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.GBYcSS--- 23542300x80000000000000002144058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.030{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.PWoljO--- 534500x80000000000000002144057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.030{ec230001-804e-6262-60ea-87805b550000}2909/usr/lib/apt/methods/gpgv_apt 154100x80000000000000002144060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.037{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash-----/bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.hYUDUe /tmp/apt.data.7bcItj/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2968--- 534500x80000000000000002144061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.038{ec230001-804e-6262-60ea-87805b550000}2970-_apt 154100x80000000000000002144062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.039{ec230001-804f-6262-7344-9f4b97550000}2971/usr/bin/apt-config-----apt-config shell MASTER_KEYRING APT::Key::MasterKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 154100x80000000000000002144063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.044{ec230001-804f-6262-7051-0b4224560000}2972/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-7344-9f4b97550000}2971/usr/bin/apt-configapt-config_apt 534500x80000000000000002144064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.046{ec230001-804f-6262-7051-0b4224560000}2972/usr/bin/dpkg_apt 154100x80000000000000002144066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.047{ec230001-804f-6262-7344-564d69550000}2973/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.047{ec230001-804f-6262-7344-9f4b97550000}2971/usr/bin/apt-config_apt 154100x80000000000000002144067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.055{ec230001-804f-6262-7021-8aca79550000}2974/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-7344-564d69550000}2973/usr/bin/apt-configapt-config_apt 154100x80000000000000002144070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.058{ec230001-804f-6262-73d4-260820560000}2975/usr/bin/apt-config-----apt-config shell REMOVED_KEYS APT::Key::RemovedKeys/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.058{ec230001-804f-6262-7344-564d69550000}2973/usr/bin/apt-config_apt 534500x80000000000000002144068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.058{ec230001-804f-6262-7021-8aca79550000}2974/usr/bin/dpkg_apt 154100x80000000000000002144071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.063{ec230001-804f-6262-70e1-7aaebc550000}2976/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-73d4-260820560000}2975/usr/bin/apt-configapt-config_apt 534500x80000000000000002144072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.065{ec230001-804f-6262-70e1-7aaebc550000}2976/usr/bin/dpkg_apt 154100x80000000000000002144074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.066{ec230001-804f-6262-73a4-af0918560000}2977/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.066{ec230001-804f-6262-73d4-260820560000}2975/usr/bin/apt-config_apt 154100x80000000000000002144075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.071{ec230001-804f-6262-70b1-d1899e550000}2978/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-73a4-af0918560000}2977/usr/bin/apt-configapt-config_apt 534500x80000000000000002144076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.073{ec230001-804f-6262-70b1-d1899e550000}2978/usr/bin/dpkg_apt 154100x80000000000000002144078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.074{ec230001-804f-6262-73c4-982a19560000}2979/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.074{ec230001-804f-6262-73a4-af0918560000}2977/usr/bin/apt-config_apt 154100x80000000000000002144079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.079{ec230001-804f-6262-7021-2d5caa550000}2980/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-73c4-982a19560000}2979/usr/bin/apt-configapt-config_apt 154100x80000000000000002144082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.082{ec230001-804f-6262-7324-bdd88f550000}2981/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.082{ec230001-804f-6262-73c4-982a19560000}2979/usr/bin/apt-config_apt 534500x80000000000000002144080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.082{ec230001-804f-6262-7021-2d5caa550000}2980/usr/bin/dpkg_apt 154100x80000000000000002144083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.087{ec230001-804f-6262-7001-735bd3550000}2982/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-7324-bdd88f550000}2981/usr/bin/apt-configapt-config_apt 534500x80000000000000002144085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.089{ec230001-804f-6262-7324-bdd88f550000}2981/usr/bin/apt-config_apt 534500x80000000000000002144084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.089{ec230001-804f-6262-7001-735bd3550000}2982/usr/bin/dpkg_apt 154100x80000000000000002144087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.090{ec230001-804f-6262-7304-d96d27560000}2984/usr/bin/apt-config-----apt-config shell GPGV Apt::Key::gpgvcommand/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.090{00000000-0000-0000-0000-000000000000}2983<unknown process>_apt 154100x80000000000000002144088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.095{ec230001-804f-6262-70e1-737fb3550000}2985/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-7304-d96d27560000}2984/usr/bin/apt-configapt-config_apt 534500x80000000000000002144089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.097{ec230001-804f-6262-70e1-737fb3550000}2985/usr/bin/dpkg_apt 534500x80000000000000002144092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.098{ec230001-804f-6262-a850-12d7ba550000}2986/bin/mktemp_apt 154100x80000000000000002144091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.098{ec230001-804f-6262-a850-12d7ba550000}2986/bin/mktemp-----mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.098{ec230001-804f-6262-7304-d96d27560000}2984/usr/bin/apt-config_apt 154100x80000000000000002144095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.099{ec230001-804f-6262-c0a5-e66d88550000}2988/bin/readlink-----readlink -f /tmp/apt-key-gpghome.zcXf631l1s/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.099{ec230001-804f-6262-e0c1-f8cffd550000}2987/bin/chmod_apt 154100x80000000000000002144093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.099{ec230001-804f-6262-e0c1-f8cffd550000}2987/bin/chmod-----chmod 700 /tmp/apt-key-gpghome.zcXf631l1s/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 154100x80000000000000002144097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.100{ec230001-804f-6262-7013-ec05b9550000}2989/bin/rm-----rm -f /tmp/apt-key-gpghome.zcXf631l1s/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.100{ec230001-804f-6262-c0a5-e66d88550000}2988/bin/readlink_apt 154100x80000000000000002144099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.101{ec230001-804f-6262-10a0-d5837c550000}2990/bin/touch-----touch /tmp/apt-key-gpghome.zcXf631l1s/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.101{ec230001-804f-6262-7013-ec05b9550000}2989/bin/rm_apt 154100x80000000000000002144101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.102{ec230001-804f-6262-73b4-ee4889550000}2991/usr/bin/apt-config-----apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.102{ec230001-804f-6262-10a0-d5837c550000}2990/bin/touch_apt 154100x80000000000000002144102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.106{ec230001-804f-6262-7071-13c63b560000}2992/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-73b4-ee4889550000}2991/usr/bin/apt-configapt-config_apt 534500x80000000000000002144103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.108{ec230001-804f-6262-7071-13c63b560000}2992/usr/bin/dpkg_apt 154100x80000000000000002144105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.109{ec230001-804f-6262-c005-9f2f54560000}2993/bin/readlink-----readlink -f /etc/apt/trusted.gpg.d//home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.109{ec230001-804f-6262-73b4-ee4889550000}2991/usr/bin/apt-config_apt 154100x80000000000000002144107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.110{ec230001-804f-6262-9040-6d9ee0550000}2994/usr/bin/find-----find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 ( -name *.gpg -o -name *.asc )/_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.110{ec230001-804f-6262-c005-9f2f54560000}2993/bin/readlink_apt 534500x80000000000000002144108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.111{ec230001-804f-6262-9040-6d9ee0550000}2994/usr/bin/find_apt 154100x80000000000000002144110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.112{ec230001-804f-6262-18ea-b41a49560000}2997/usr/bin/sort-----sort/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2995--- 534500x80000000000000002144109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.112{00000000-0000-0000-0000-000000000000}2996<unknown process>_apt 534500x80000000000000002144112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.113{ec230001-804e-6262-60ea-87805b550000}2995-_apt 534500x80000000000000002144111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.113{ec230001-804f-6262-18ea-b41a49560000}2997/usr/bin/sort_apt 534500x80000000000000002144115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.114{ec230001-804f-6262-48ae-d27c21560000}2999/usr/bin/cmp_apt 154100x80000000000000002144114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.114{ec230001-804f-6262-48ae-d27c21560000}2999/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.114{00000000-0000-0000-0000-000000000000}2998<unknown process>_apt 154100x80000000000000002144117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.115{ec230001-804f-6262-d009-41e9b6550000}3001/bin/cat-----cat /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.115{ec230001-804e-6262-60ea-87805b550000}3000-_apt 154100x80000000000000002144120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.116{ec230001-804f-6262-482e-67c206560000}3003/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.116{ec230001-804e-6262-60ea-87805b550000}3002-_apt 534500x80000000000000002144118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.116{ec230001-804f-6262-d009-41e9b6550000}3001/bin/cat_apt 154100x80000000000000002144123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.117{ec230001-804f-6262-d0d9-1ca3e2550000}3005/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.117{ec230001-804e-6262-60ea-87805b550000}3004-_apt 534500x80000000000000002144121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.117{ec230001-804f-6262-482e-67c206560000}3003/usr/bin/cmp_apt 154100x80000000000000002144126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.118{ec230001-804f-6262-48fe-771985550000}3007/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.118{00000000-0000-0000-0000-000000000000}3006<unknown process>_apt 534500x80000000000000002144124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.118{ec230001-804f-6262-d0d9-1ca3e2550000}3005/bin/cat_apt 534500x80000000000000002144128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.119{ec230001-804f-6262-0000-000000000000}3008-_apt 534500x80000000000000002144127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.119{ec230001-804f-6262-48fe-771985550000}3007/usr/bin/cmp_apt 534500x80000000000000002144130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.120{ec230001-804f-6262-d079-31839c550000}3009/bin/cat_apt 154100x80000000000000002144129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.120{ec230001-804f-6262-d079-31839c550000}3009/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.121{ec230001-804f-6262-482e-fd3470550000}3011/usr/bin/cmp_apt 154100x80000000000000002144132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.121{ec230001-804f-6262-482e-fd3470550000}3011/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.121{00000000-0000-0000-0000-000000000000}3010<unknown process>_apt 154100x80000000000000002144135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.122{ec230001-804f-6262-d029-14a4ad550000}3013/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.122{00000000-0000-0000-0000-000000000000}3012<unknown process>_apt 154100x80000000000000002144137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.123{ec230001-804f-6262-984a-f36830560000}3014/bin/cp-----cp -a /tmp/apt-key-gpghome.zcXf631l1s/pubring.gpg /tmp/apt-key-gpghome.zcXf631l1s/pubring.orig.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.123{ec230001-804f-6262-d029-14a4ad550000}3013/bin/cat_apt 154100x80000000000000002144140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.124{ec230001-804f-6262-f8ba-72023c560000}3017/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}3015--- 534500x80000000000000002144139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.124{00000000-0000-0000-0000-000000000000}3016<unknown process>_apt 534500x80000000000000002144138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.124{ec230001-804f-6262-984a-f36830560000}3014/bin/cp_apt 534500x80000000000000002144142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.126{ec230001-804f-6262-0000-000000000000}3015-_apt 534500x80000000000000002144141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.126{ec230001-804f-6262-f8ba-72023c560000}3017/bin/sed_apt 154100x80000000000000002144144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.127{ec230001-804f-6262-f86a-69521d560000}3020/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}3018--- 534500x80000000000000002144143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.127{ec230001-804f-6262-0000-000000000000}3019-_apt 154100x80000000000000002144147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.128{ec230001-804f-6262-785e-85ad5b550000}3021/usr/bin/gpgv-----gpgv --homedir /tmp/apt-key-gpghome.zcXf631l1s --keyring /tmp/apt-key-gpghome.zcXf631l1s/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.hYUDUe /tmp/apt.data.7bcItj/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.128{00000000-0000-0000-0000-000000000000}3018<unknown process>_apt 534500x80000000000000002144145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.128{ec230001-804f-6262-f86a-69521d560000}3020/bin/sed_apt 154100x80000000000000002144149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.131{ec230001-804f-6262-b06f-431b44560000}3022/usr/bin/gpgconf-----gpgconf --kill all/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.131{ec230001-804f-6262-785e-85ad5b550000}3021/usr/bin/gpgv_apt 154100x80000000000000002144150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.132{ec230001-804f-6262-3078-b77755550000}3023/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart KILLAGENT/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-b06f-431b44560000}3022/usr/bin/gpgconfgpgconf_apt 154100x80000000000000002144152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.134{ec230001-804f-6262-3038-11f2d4550000}3024/usr/bin/gpg-connect-agent-----gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd killscd /end/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-b06f-431b44560000}3022/usr/bin/gpgconfgpgconf_apt 534500x80000000000000002144151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.134{ec230001-804f-6262-3078-b77755550000}3023/usr/bin/gpg-connect-agent_apt 154100x80000000000000002144154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.135{ec230001-804f-6262-3068-4d937b550000}3025/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-b06f-431b44560000}3022/usr/bin/gpgconfgpgconf_apt 534500x80000000000000002144153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.135{ec230001-804f-6262-3038-11f2d4550000}3024/usr/bin/gpg-connect-agent_apt 534500x80000000000000002144155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.137{ec230001-804f-6262-3068-4d937b550000}3025/usr/bin/gpg-connect-agent_apt 534500x80000000000000002144161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.138{ec230001-804f-6262-7033-63cf1c560000}3026/bin/rm_apt 23542300x80000000000000002144160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.138{ec230001-804f-6262-7033-63cf1c560000}3026_apt/bin/rm/tmp/apt-key-gpghome.zcXf631l1s/pubring.gpg--- 23542300x80000000000000002144159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.138{ec230001-804f-6262-7033-63cf1c560000}3026_apt/bin/rm/tmp/apt-key-gpghome.zcXf631l1s/pubring.orig.gpg--- 23542300x80000000000000002144158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.138{ec230001-804f-6262-7033-63cf1c560000}3026_apt/bin/rm/tmp/apt-key-gpghome.zcXf631l1s/gpg.1.sh--- 154100x80000000000000002144157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.138{ec230001-804f-6262-7033-63cf1c560000}3026/bin/rm-----rm -rf /tmp/apt-key-gpghome.zcXf631l1s/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.138{ec230001-804f-6262-b06f-431b44560000}3022/usr/bin/gpgconf_apt 534500x80000000000000002144166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.139{ec230001-804f-6262-60ea-87805b550000}2968/usr/lib/apt/methods/gpgv_apt 23542300x80000000000000002144165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.139{ec230001-804f-6262-60ea-87805b550000}2968_apt/usr/lib/apt/methods/gpgv/tmp/apt.sig.hYUDUe--- 23542300x80000000000000002144164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.139{ec230001-804f-6262-60ea-87805b550000}2968_apt/usr/lib/apt/methods/gpgv/tmp/apt.data.7bcItj--- 23542300x80000000000000002144163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.139{ec230001-804f-6262-60ea-87805b550000}2968_apt/usr/lib/apt/methods/gpgv/tmp/apt.conf.rgPzla--- 534500x80000000000000002144162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.139{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash_apt 23542300x80000000000000002144167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.140{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.r5ywJX--- 23542300x80000000000000002144168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.146{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.YURTB2--- 354300x80000000000000002144169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.326{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36504-false10.0.1.12-8000- 534500x80000000000000002144170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.466{ec230001-804e-6262-8965-0e7ce9550000}2863/usr/lib/apt/methods/store_apt 534500x80000000000000002144172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.467{ec230001-804e-6262-b953-13cb7e550000}2723/usr/lib/apt/methods/http_apt 534500x80000000000000002144171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.467{ec230001-804e-6262-60ea-87805b550000}2728/usr/lib/apt/methods/gpgv_apt 534500x80000000000000002144174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.468{ec230001-804e-6262-b983-606faf550000}2726/usr/lib/apt/methods/http_apt 534500x80000000000000002144173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.468{ec230001-804e-6262-b973-0fb02e560000}2724/usr/lib/apt/methods/http_apt 23542300x80000000000000002144175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.469{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/us-east-2.ec2.archive.ubuntu.com_ubuntu_dists_bionic-updates_InRelease--- 23542300x80000000000000002144178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.470{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/us-east-2.ec2.archive.ubuntu.com_ubuntu_dists_bionic-updates_universe_binary-amd64_Packages--- 23542300x80000000000000002144177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.470{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/us-east-2.ec2.archive.ubuntu.com_ubuntu_dists_bionic-updates_main_binary-amd64_Packages.xz--- 23542300x80000000000000002144176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.470{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/us-east-2.ec2.archive.ubuntu.com_ubuntu_dists_bionic-updates_main_binary-amd64_Packages--- 23542300x80000000000000002144182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.471{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_main_binary-amd64_Packages--- 23542300x80000000000000002144181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.471{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_InRelease--- 23542300x80000000000000002144180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.471{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/us-east-2.ec2.archive.ubuntu.com_ubuntu_dists_bionic-backports_InRelease--- 23542300x80000000000000002144179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.471{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/us-east-2.ec2.archive.ubuntu.com_ubuntu_dists_bionic-updates_universe_binary-amd64_Packages.xz--- 23542300x80000000000000002144188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.472{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_universe_i18n_Translation-en--- 23542300x80000000000000002144187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.472{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/security.ubuntu.com_ubuntu_dists_bionic-security_universe_binary-amd64_Packages.xz--- 23542300x80000000000000002144186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.472{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_universe_binary-amd64_Packages--- 23542300x80000000000000002144185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.472{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/security.ubuntu.com_ubuntu_dists_bionic-security_main_i18n_Translation-en.xz--- 23542300x80000000000000002144184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.472{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_main_i18n_Translation-en--- 23542300x80000000000000002144183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.472{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/security.ubuntu.com_ubuntu_dists_bionic-security_main_binary-amd64_Packages.xz--- 23542300x80000000000000002144192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.473{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/packages.microsoft.com_ubuntu_18.04_prod_dists_bionic_main_binary-amd64_Packages.bz2--- 23542300x80000000000000002144191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.473{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/packages.microsoft.com_ubuntu_18.04_prod_dists_bionic_main_binary-amd64_Packages--- 23542300x80000000000000002144190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.473{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/packages.microsoft.com_ubuntu_18.04_prod_dists_bionic_InRelease--- 23542300x80000000000000002144189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.473{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/security.ubuntu.com_ubuntu_dists_bionic-security_universe_i18n_Translation-en.xz--- 154100x80000000000000002144193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.474{ec230001-8050-6262-68d2-3cba2a560000}3028/bin/dash-----sh -c touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}3027--- 154100x80000000000000002144194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.475{ec230001-8050-6262-1030-32b8d8550000}3029/bin/touch-----touch /var/lib/apt/periodic/update-success-stamp/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68d2-3cba2a560000}3028/bin/dashshroot 534500x80000000000000002144195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.476{ec230001-8050-6262-1030-32b8d8550000}3029/bin/touchroot 154100x80000000000000002144197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.477{ec230001-8050-6262-6842-53a1c5550000}3030/bin/dash-----sh -c if /usr/bin/test -w /var/lib/command-not-found/ -a -e /usr/lib/cnf-update-db; then /usr/lib/cnf-update-db > /dev/null; fi/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}3027--- 534500x80000000000000002144196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.477{ec230001-8050-6262-68d2-3cba2a560000}3028/bin/dashroot 154100x80000000000000002144198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.478{ec230001-8050-6262-e02a-6bb755550000}3031/usr/bin/test-----/usr/bin/test -w /var/lib/command-not-found/ -a -e /usr/lib/cnf-update-db/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-6842-53a1c5550000}3030/bin/dashshroot 154100x80000000000000002144200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.479{ec230001-8050-6262-503c-7b0000000000}3032/usr/bin/python3.6-----/usr/bin/python3 /usr/lib/cnf-update-db/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-6842-53a1c5550000}3030/bin/dashshroot 534500x80000000000000002144199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.479{ec230001-8050-6262-e02a-6bb755550000}3031/usr/bin/testroot 154100x80000000000000002144203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.536{ec230001-8050-6262-68e2-fffcb0550000}3033/bin/dash-----sh -c /usr/lib/update-notifier/update-motd-updates-available 2>/dev/null || true/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}3027--- 534500x80000000000000002144202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.536{ec230001-8050-6262-6842-53a1c5550000}3030/bin/dashroot 534500x80000000000000002144201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.536{ec230001-8050-6262-503c-7b0000000000}3032/usr/bin/python3.6root 154100x80000000000000002144204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.541{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-updates-available/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68e2-fffcb0550000}3033/bin/dashshroot 154100x80000000000000002144205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.542{ec230001-8050-6262-73b4-5d68cf550000}3035/usr/bin/apt-config-----apt-config shell StateDir Dir::State/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 154100x80000000000000002144206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.547{ec230001-8050-6262-70b1-4a42ad550000}3036/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-73b4-5d68cf550000}3035/usr/bin/apt-configapt-configroot 534500x80000000000000002144208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.549{ec230001-8050-6262-73b4-5d68cf550000}3035/usr/bin/apt-configroot 534500x80000000000000002144207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.549{ec230001-8050-6262-70b1-4a42ad550000}3036/usr/bin/dpkgroot 154100x80000000000000002144209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.550{ec230001-8050-6262-7394-9cc82a560000}3037/usr/bin/apt-config-----apt-config shell ListDir Dir::State::Lists/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 154100x80000000000000002144210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.554{ec230001-8050-6262-7041-112a66550000}3038/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-7394-9cc82a560000}3037/usr/bin/apt-configapt-configroot 534500x80000000000000002144212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.557{ec230001-8050-6262-7394-9cc82a560000}3037/usr/bin/apt-configroot 534500x80000000000000002144211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.557{ec230001-8050-6262-7041-112a66550000}3038/usr/bin/dpkgroot 154100x80000000000000002144213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.558{ec230001-8050-6262-7374-c2257f550000}3039/usr/bin/apt-config-----apt-config shell DpkgStatus Dir::State::status/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 154100x80000000000000002144214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.562{ec230001-8050-6262-7001-beabd0550000}3040/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-7374-c2257f550000}3039/usr/bin/apt-configapt-configroot 534500x80000000000000002144215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.564{ec230001-8050-6262-7001-beabd0550000}3040/usr/bin/dpkgroot 154100x80000000000000002144217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.565{ec230001-8050-6262-73f4-22cb61550000}3041/usr/bin/apt-config-----apt-config shell EtcDir Dir::Etc/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 534500x80000000000000002144216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.565{ec230001-8050-6262-7374-c2257f550000}3039/usr/bin/apt-configroot 154100x80000000000000002144218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.569{ec230001-8050-6262-7001-3dd0c8550000}3042/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-73f4-22cb61550000}3041/usr/bin/apt-configapt-configroot 534500x80000000000000002144219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.571{ec230001-8050-6262-7001-3dd0c8550000}3042/usr/bin/dpkgroot 154100x80000000000000002144221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.572{ec230001-8050-6262-7394-35ba20560000}3043/usr/bin/apt-config-----apt-config shell SourceList Dir::Etc::sourcelist/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 534500x80000000000000002144220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.572{ec230001-8050-6262-73f4-22cb61550000}3041/usr/bin/apt-configroot 154100x80000000000000002144222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.576{ec230001-8050-6262-7051-86b6fe550000}3044/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-7394-35ba20560000}3043/usr/bin/apt-configapt-configroot 154100x80000000000000002144225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.579{ec230001-8050-6262-9080-f12593550000}3045/usr/bin/find-----find /var/lib/apt/lists/ /etc/apt/sources.list //var/lib/dpkg/status -type f -newer /var/lib/update-notifier/updates-available -print -quit/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 534500x80000000000000002144224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.579{ec230001-8050-6262-7394-35ba20560000}3043/usr/bin/apt-configroot 534500x80000000000000002144223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.579{ec230001-8050-6262-7051-86b6fe550000}3044/usr/bin/dpkgroot 154100x80000000000000002144229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.581{ec230001-8050-6262-a830-61f6f5550000}3046/bin/mktemp-----mktemp -p /var/lib/update-notifier/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 154100x80000000000000002144227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.581{ec230001-8050-6262-e808-065df4550000}3047/usr/bin/dirname-----dirname /var/lib/update-notifier/updates-available/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}3046--- 534500x80000000000000002144226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.581{ec230001-8050-6262-9080-f12593550000}3045/usr/bin/findroot 534500x80000000000000002144228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.582{ec230001-8050-6262-e808-065df4550000}3047/usr/bin/dirnameroot 154100x80000000000000002144231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.584{ec230001-8050-6262-503c-7b0000000000}3048/usr/bin/python3.6-----/usr/bin/python3 /usr/lib/update-notifier/apt-check --human-readable/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 534500x80000000000000002144230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.584{ec230001-8050-6262-a830-61f6f5550000}3046/bin/mktemproot 154100x80000000000000002144232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.677{ec230001-8050-6262-70c1-9569df550000}3049/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-503c-7b0000000000}3048/usr/bin/python3.6/usr/bin/python3root 23542300x80000000000000002144234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.680{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.ltQLxO--- 534500x80000000000000002144233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.680{ec230001-8050-6262-70c1-9569df550000}3049/usr/bin/dpkgroot 23542300x80000000000000002144235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.685{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.D5hzCX--- 23542300x80000000000000002144236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.689{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.d754H6--- 23542300x80000000000000002144237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.691{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.RwZPNf--- 23542300x80000000000000002144238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.692{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.7IQPTo--- 23542300x80000000000000002144239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.696{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.P7jx0x--- 23542300x80000000000000002144240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.699{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.RxxK7G--- 23542300x80000000000000002144241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.704{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.DayHfQ--- 23542300x80000000000000002144242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.705{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.jdHUnZ--- 23542300x80000000000000002144243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.706{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.hILkw8--- 23542300x80000000000000002144244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.708{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.1pLZEh--- 23542300x80000000000000002144245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.709{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.RiPRNq--- 23542300x80000000000000002144246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.710{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.pRfWWz--- 23542300x80000000000000002144247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.712{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.hcgf6I--- 23542300x80000000000000002144248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.713{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.t1NNfS--- 23542300x80000000000000002144249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.715{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.d3WAp1--- 23542300x80000000000000002144250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.716{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.nLGEza--- 154100x80000000000000002144251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.717{ec230001-8050-6262-70c1-0ccf3f560000}3050/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-503c-7b0000000000}3048/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000002144252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.720{ec230001-8050-6262-70c1-0ccf3f560000}3050/usr/bin/dpkgroot 154100x80000000000000002144253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.742{ec230001-8050-6262-7011-2fa5ea550000}3051/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-503c-7b0000000000}3048/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000002144254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.744{ec230001-8050-6262-7011-2fa5ea550000}3051/usr/bin/dpkgroot 154100x80000000000000002144255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.908{ec230001-8050-6262-70a1-e6d156550000}3052/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-503c-7b0000000000}3048/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000002144256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.911{ec230001-8050-6262-70a1-e6d156550000}3052/usr/bin/dpkgroot 23542300x80000000000000002144257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.920{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.hVaeik--- 23542300x80000000000000002144258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:45.795{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.3CZNow--- 23542300x80000000000000002144259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:46.097{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.JNJskJ--- 23542300x80000000000000002144260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:46.099{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.5JQvgW--- 23542300x80000000000000002144261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:46.213{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.XDIMv9--- 154100x80000000000000002144262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:46.657{ec230001-8052-6262-70e1-48f1a9550000}3053/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-503c-7b0000000000}3048/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000002144263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:46.674{ec230001-8052-6262-70e1-48f1a9550000}3053/usr/bin/dpkgroot 354300x80000000000000002144264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:46.756{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-39490-false10.0.1.12-8089- 23542300x80000000000000002144265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.015{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.9iWUiQ--- 23542300x80000000000000002144266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.019{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.9p7CK5--- 23542300x80000000000000002144267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.023{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.dML0cl--- 23542300x80000000000000002144268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.025{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.T1JEFA--- 23542300x80000000000000002144269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.026{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.hrly8P--- 23542300x80000000000000002144270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.030{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.VSE6B5--- 23542300x80000000000000002144271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.032{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.xqUU5k--- 23542300x80000000000000002144272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.035{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.TyTnAA--- 23542300x80000000000000002144273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.037{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.Ro564P--- 23542300x80000000000000002144274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.038{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.HYj3z5--- 23542300x80000000000000002144275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.039{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.prwc5k--- 23542300x80000000000000002144276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.041{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.XKOyAA--- 23542300x80000000000000002144277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.042{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.7Ic85P--- 23542300x80000000000000002144278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.043{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.H7NWB5--- 23542300x80000000000000002144279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.045{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.POX07k--- 23542300x80000000000000002144280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.046{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.NQskEA--- 23542300x80000000000000002144281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.048{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.jbiVaQ--- 154100x80000000000000002144282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.049{ec230001-8053-6262-7041-d89cdf550000}3054/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-503c-7b0000000000}3048/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000002144283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.053{ec230001-8053-6262-7041-d89cdf550000}3054/usr/bin/dpkgroot 23542300x80000000000000002144284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.280{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.VicHk6--- 23542300x80000000000000002144285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.284{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.x7wdvm--- 23542300x80000000000000002144286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.288{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.djBpGC--- 23542300x80000000000000002144287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.290{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.rwLRRS--- 23542300x80000000000000002144288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.291{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.ff4y38--- 23542300x80000000000000002144289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.295{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.11WVfp--- 23542300x80000000000000002144290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.296{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.zzXysF--- 23542300x80000000000000002144291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.300{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.hCIRFV--- 23542300x80000000000000002144292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.302{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.HwGpTb--- 23542300x80000000000000002144293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.303{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.HTCa7r--- 23542300x80000000000000002144294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.304{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.NpU8kI--- 23542300x80000000000000002144295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.306{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.pAQjzY--- 23542300x80000000000000002144296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.307{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.T0qHNe--- 23542300x80000000000000002144297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.308{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.nRik2u--- 23542300x80000000000000002144298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.310{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.PtXbhL--- 23542300x80000000000000002144299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.311{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.NvDjw1--- 23542300x80000000000000002144300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.313{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.7D6HLh--- 154100x80000000000000002144302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.409{ec230001-8053-6262-889b-37ed15560000}3055/bin/mv-----mv /var/lib/update-notifier/tmp.HkpwVAr5wI /var/lib/update-notifier/updates-available/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 534500x80000000000000002144301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.409{ec230001-8050-6262-503c-7b0000000000}3048/usr/bin/python3.6root 154100x80000000000000002144304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.411{ec230001-8053-6262-70b3-dd0cef550000}3056/bin/rm-----rm -f /var/lib/update-notifier/tmp.HkpwVAr5wI/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 534500x80000000000000002144303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.411{ec230001-8053-6262-889b-37ed15560000}3055/bin/mvroot 534500x80000000000000002144308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.412{00000000-0000-0000-0000-000000000000}3027<unknown process>root 534500x80000000000000002144307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.412{ec230001-8050-6262-68e2-fffcb0550000}3033/bin/dashroot 534500x80000000000000002144306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.412{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dashroot 534500x80000000000000002144305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.412{ec230001-8053-6262-70b3-dd0cef550000}3056/bin/rmroot 23542300x80000000000000002144309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.420{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/cache/apt/pkgcache.bin--- 23542300x80000000000000002144310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.425{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/cache/apt/srcpkgcache.bin--- 154100x80000000000000002144311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.427{ec230001-8053-6262-70a1-3705c3550000}3057/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 534500x80000000000000002144312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.429{ec230001-8053-6262-70a1-3705c3550000}3057/usr/bin/dpkgroot 23542300x80000000000000002144313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.433{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.D5NCbj--- 23542300x80000000000000002144314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.088{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.C1v7xB--- 23542300x80000000000000002144315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.366{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.1FQIFU--- 23542300x80000000000000002144316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.369{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.OXHONd--- 23542300x80000000000000002144317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.479{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.lbhyex--- 154100x80000000000000002144318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.617{ec230001-8054-6262-70d1-2d4288550000}3058/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 534500x80000000000000002144319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.633{ec230001-8054-6262-70d1-2d4288550000}3058/usr/bin/dpkgroot 154100x80000000000000002144320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.858{ec230001-8054-6262-6862-ed2d7f550000}3060/bin/dash-----sh -c [ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-stats || true/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}3059--- 154100x80000000000000002144321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.859{ec230001-8054-6262-ea5e-25be11560000}3061/usr/lib/ubuntu-advantage/apt-esm-hook-----/usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-stats/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8054-6262-6862-ed2d7f550000}3060/bin/dashshroot 154100x80000000000000002144322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.864{ec230001-8054-6262-7001-1e4a8a550000}3062/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8054-6262-ea5e-25be11560000}3061/usr/lib/ubuntu-advantage/apt-esm-hook/usr/lib/ubuntu-advantage/apt-esm-hookroot 23542300x80000000000000002144324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.866{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.wXnEqe--- 534500x80000000000000002144323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.866{ec230001-8054-6262-7001-1e4a8a550000}3062/usr/bin/dpkgroot 23542300x80000000000000002144325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.871{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.DQOAVy--- 23542300x80000000000000002144326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.875{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.yzherT--- 23542300x80000000000000002144327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.876{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.hXv7Wd--- 23542300x80000000000000002144328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.878{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.Gvhfty--- 23542300x80000000000000002144329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.882{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.HmZ2ZS--- 23542300x80000000000000002144330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.883{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.q7p6wd--- 23542300x80000000000000002144331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.887{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.bdgP4x--- 23542300x80000000000000002144332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.889{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.2cQRCS--- 23542300x80000000000000002144333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.890{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.NnT6ad--- 23542300x80000000000000002144334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.891{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.IpYyJx--- 23542300x80000000000000002144335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.892{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.zMEdiS--- 23542300x80000000000000002144336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.894{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.E7G4Qc--- 23542300x80000000000000002144337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.895{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.P1oaqx--- 23542300x80000000000000002144338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.896{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.UiTuZR--- 23542300x80000000000000002144339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.898{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.Tt13yc--- 23542300x80000000000000002144340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.899{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.a0YS8w--- 154100x80000000000000002144341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.900{ec230001-8054-6262-70d1-6a5ad4550000}3063/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8054-6262-ea5e-25be11560000}3061/usr/lib/ubuntu-advantage/apt-esm-hook/usr/lib/ubuntu-advantage/apt-esm-hookroot 534500x80000000000000002144342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.902{ec230001-8054-6262-70d1-6a5ad4550000}3063/usr/bin/dpkgroot 23542300x80000000000000002144344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.944{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/var/lib/ubuntu-advantage/messages/motd-esm-service-status--- 23542300x80000000000000002144343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.944{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/var/lib/ubuntu-advantage/messages/apt-pre-invoke-esm-service-status--- 534500x80000000000000002144346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.945{ec230001-8054-6262-6862-ed2d7f550000}3060/bin/dashroot 534500x80000000000000002144345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.945{ec230001-8054-6262-ea5e-25be11560000}3061/usr/lib/ubuntu-advantage/apt-esm-hookroot 534500x80000000000000002144347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.947{ec230001-804f-6262-60ea-87805b550000}3059-root 534500x80000000000000002144348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.952{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptroot 534500x80000000000000002144349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.953{ec230001-804e-6262-089e-d6743b560000}2718/usr/bin/sudoroot 354300x80000000000000002144350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:49.364{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36508-false10.0.1.12-8000- 154100x80000000000000002144351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.932{ec230001-8058-6262-08be-67fd74550000}3064/usr/bin/sudo-----sudo apt install apache2/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-643a-6262-08d4-9f8d0f560000}1965/bin/bash-bashubuntu 354300x80000000000000002144356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.936{ec230001-8058-6262-08be-67fd74550000}3064/usr/bin/sudoubuntuudptruefalse127.0.0.1-40420-false127.0.0.53-53- 354300x80000000000000002144355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.936{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-55129- 354300x80000000000000002144354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.936{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-42689-false10.0.0.2-53- 354300x80000000000000002144353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.936{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-59257-false10.0.0.2-53- 354300x80000000000000002144352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.936{ec230001-8058-6262-08be-67fd74550000}3064/usr/bin/sudoubuntuudptruefalse127.0.0.1-55129-false127.0.0.53-53- 354300x80000000000000002144357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.937{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-40420- 154100x80000000000000002144358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.940{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/apt-----apt install apache2/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-08be-67fd74550000}3064/usr/bin/sudosudoubuntu 154100x80000000000000002144359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.945{ec230001-8058-6262-70b1-e1cc6b550000}3066/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 534500x80000000000000002144360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.947{ec230001-8058-6262-70b1-e1cc6b550000}3066/usr/bin/dpkgroot 23542300x80000000000000002144361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.950{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.qmr0at--- 23542300x80000000000000002144362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.955{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.b5e0OY--- 23542300x80000000000000002144363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.959{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.YvaItu--- 23542300x80000000000000002144364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.961{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.xzAF8Z--- 23542300x80000000000000002144365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.962{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.G1aSNv--- 23542300x80000000000000002144366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.968{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.NPy0t1--- 23542300x80000000000000002144367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.970{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.aU4rax--- 23542300x80000000000000002144368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.975{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.XGRJR2--- 23542300x80000000000000002144369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.976{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.sXCmzy--- 23542300x80000000000000002144370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.978{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.dI3eh4--- 23542300x80000000000000002144371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.979{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.QQskZz--- 23542300x80000000000000002144372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.980{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.vbPCH5--- 23542300x80000000000000002144373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.982{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.UQ48pB--- 23542300x80000000000000002144374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.983{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.HSfV86--- 23542300x80000000000000002144375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.985{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.MGoXRC--- 23542300x80000000000000002144376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.986{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.5XReB8--- 154100x80000000000000002144378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.988{ec230001-8058-6262-7011-42c2e2550000}3067/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 23542300x80000000000000002144377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.988{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.8iyNkE--- 534500x80000000000000002144379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.991{ec230001-8058-6262-7011-42c2e2550000}3067/usr/bin/dpkgroot 154100x80000000000000002144380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.367{ec230001-8059-6262-6852-ce3619560000}3068/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 154100x80000000000000002144389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.368{ec230001-8059-6262-a446-33255b550000}3069/snap/snapd/15534/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8059-6262-6852-ce3619560000}3068/bin/dash/bin/shroot 154100x80000000000000002144381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.368{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8059-6262-6852-ce3619560000}3068/bin/dash/bin/shroot 534500x80000000000000002144388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.387{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snaproot 534500x80000000000000002144387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.387{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snaproot 534500x80000000000000002144386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.387{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snaproot 534500x80000000000000002144385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.387{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snaproot 534500x80000000000000002144384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.387{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snaproot 534500x80000000000000002144383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.387{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snaproot 534500x80000000000000002144382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.387{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snaproot 534500x80000000000000002144395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.405{ec230001-8059-6262-a446-33255b550000}3069/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.405{ec230001-8059-6262-a446-33255b550000}3069/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.405{ec230001-8059-6262-a446-33255b550000}3069/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.405{ec230001-8059-6262-a446-33255b550000}3069/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.405{ec230001-8059-6262-a446-33255b550000}3069/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.405{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snaproot 534500x80000000000000002144397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.406{ec230001-8059-6262-6852-ce3619560000}3068/bin/dashroot 534500x80000000000000002144396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.406{ec230001-8059-6262-a446-33255b550000}3069/snap/snapd/15534/usr/bin/snaproot 154100x80000000000000002144398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.407{ec230001-8059-6262-6802-842858550000}3084/bin/dash-----sh -c [ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke || true/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}3083--- 154100x80000000000000002144399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.408{ec230001-8059-6262-eaee-6275f7550000}3085/usr/lib/ubuntu-advantage/apt-esm-hook-----/usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8059-6262-6802-842858550000}3084/bin/dashshroot 534500x80000000000000002144402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.411{ec230001-804f-6262-60ea-87805b550000}3083-root 534500x80000000000000002144401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.411{ec230001-8059-6262-6802-842858550000}3084/bin/dashroot 534500x80000000000000002144400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.411{ec230001-8059-6262-eaee-6275f7550000}3085/usr/lib/ubuntu-advantage/apt-esm-hookroot 154100x80000000000000002144403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.423{ec230001-8059-6262-b933-f57fcd550000}3086/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 534500x80000000000000002144404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.428{ec230001-8059-6262-b933-f57fcd550000}3086/usr/lib/apt/methods/httproot 154100x80000000000000002144405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.437{ec230001-8059-6262-68e2-d8e688550000}3087/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 154100x80000000000000002144413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.438{ec230001-8059-6262-a476-366bb3550000}3088/snap/snapd/15534/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8059-6262-68e2-d8e688550000}3087/bin/dash/bin/shroot 154100x80000000000000002144406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.438{ec230001-8059-6262-7058-989250560000}3088/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8059-6262-68e2-d8e688550000}3087/bin/dash/bin/shroot 534500x80000000000000002144412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.453{ec230001-8059-6262-7058-989250560000}3088/usr/bin/snaproot 534500x80000000000000002144411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.453{ec230001-8059-6262-7058-989250560000}3088/usr/bin/snaproot 534500x80000000000000002144410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.453{ec230001-8059-6262-7058-989250560000}3088/usr/bin/snaproot 534500x80000000000000002144409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.453{ec230001-8059-6262-7058-989250560000}3088/usr/bin/snaproot 534500x80000000000000002144408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.453{ec230001-8059-6262-7058-989250560000}3088/usr/bin/snaproot 534500x80000000000000002144407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.453{ec230001-8059-6262-7058-989250560000}3088/usr/bin/snaproot 534500x80000000000000002144420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.472{ec230001-8059-6262-a476-366bb3550000}3088/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.472{ec230001-8059-6262-a476-366bb3550000}3088/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.472{ec230001-8059-6262-a476-366bb3550000}3088/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.472{ec230001-8059-6262-a476-366bb3550000}3088/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.472{ec230001-8059-6262-a476-366bb3550000}3088/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.472{ec230001-8059-6262-a476-366bb3550000}3088/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.472{ec230001-8059-6262-7058-989250560000}3088/usr/bin/snaproot 534500x80000000000000002144422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.473{ec230001-8059-6262-68e2-d8e688550000}3087/bin/dashroot 534500x80000000000000002144421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.473{ec230001-8059-6262-a476-366bb3550000}3088/snap/snapd/15534/usr/bin/snaproot 154100x80000000000000002144423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.479{ec230001-8059-6262-68b2-261466550000}3102/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 154100x80000000000000002144432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.481{ec230001-8059-6262-a416-868c5b550000}3103/snap/snapd/15534/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8059-6262-68b2-261466550000}3102/bin/dash/bin/shroot 154100x80000000000000002144424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.481{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8059-6262-68b2-261466550000}3102/bin/dash/bin/shroot 534500x80000000000000002144431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.494{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snaproot 534500x80000000000000002144430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.494{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snaproot 534500x80000000000000002144429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.494{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snaproot 534500x80000000000000002144428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.494{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snaproot 534500x80000000000000002144427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.494{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snaproot 534500x80000000000000002144426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.494{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snaproot 534500x80000000000000002144425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.494{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snaproot 534500x80000000000000002144438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.511{ec230001-8059-6262-a416-868c5b550000}3103/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.511{ec230001-8059-6262-a416-868c5b550000}3103/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.511{ec230001-8059-6262-a416-868c5b550000}3103/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.511{ec230001-8059-6262-a416-868c5b550000}3103/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.511{ec230001-8059-6262-a416-868c5b550000}3103/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.511{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snaproot 534500x80000000000000002144440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.512{ec230001-8059-6262-68b2-261466550000}3102/bin/dashroot 534500x80000000000000002144439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.512{ec230001-8059-6262-a416-868c5b550000}3103/snap/snapd/15534/usr/bin/snaproot 354300x80000000000000002144441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.241{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36510-false10.0.1.12-8000- 23542300x80000000000000002144451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.ohLVIS--- 23542300x80000000000000002144450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.FQli5f--- 23542300x80000000000000002144449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.6GeFrD--- 23542300x80000000000000002144448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.BXp2N0--- 23542300x80000000000000002144447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.KnTpao--- 23542300x80000000000000002144446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.zIENwL--- 23542300x80000000000000002144445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.ofIbT8--- 23542300x80000000000000002144444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.B82zfw--- 23542300x80000000000000002144443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.ohHYBT--- 23542300x80000000000000002144442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.HUFnYg--- 154100x80000000000000002144452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.519{ec230001-805b-6262-b9e3-003e45560000}3117/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 354300x80000000000000002144455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.527{ec230001-805b-6262-b9e3-003e45560000}3117/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-56485-false127.0.0.53-53- 354300x80000000000000002144454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.527{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-50992- 354300x80000000000000002144453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.527{ec230001-805b-6262-b9e3-003e45560000}3117/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-50992-false127.0.0.53-53- 354300x80000000000000002144457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.528{ec230001-805b-6262-b9e3-003e45560000}3117/usr/lib/apt/methods/httproottcptruefalse10.0.1.20-56552-false52.15.158.54-80- 354300x80000000000000002144456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.528{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-56485- 534500x80000000000000002144458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.596{ec230001-805b-6262-b9e3-003e45560000}3117/usr/lib/apt/methods/http_apt 23542300x80000000000000002144459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.597{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/log/apt/eipp.log.xz--- 154100x80000000000000002144460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.681{ec230001-805b-6262-68c2-a6bff9550000}3118/bin/dash-----/bin/sh -c /usr/sbin/dpkg-preconfigure --apt || true/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 154100x80000000000000002144461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.682{ec230001-805b-6262-98c7-c29a09560000}3119/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/dpkg-preconfigure --apt/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-805b-6262-68c2-a6bff9550000}3118/bin/dash/bin/shroot 154100x80000000000000002144462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.747{ec230001-805b-6262-3080-af1adc550000}3120/usr/bin/locale-----locale charmap/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-805b-6262-98c7-c29a09560000}3119/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.748{ec230001-805b-6262-3080-af1adc550000}3120/usr/bin/localeroot 154100x80000000000000002144464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.832{ec230001-805b-6262-6842-3300ba550000}3121/bin/dash-----sh -c stty -a 2>/dev/null/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-805b-6262-98c7-c29a09560000}3119/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.833{ec230001-805b-6262-f00e-3cc42b560000}3122/bin/stty-----stty -a/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-805b-6262-6842-3300ba550000}3121/bin/dashshroot 534500x80000000000000002144466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.835{ec230001-805b-6262-f00e-3cc42b560000}3122/bin/sttyroot 154100x80000000000000002144468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.836{ec230001-805b-6262-68f2-ebce6c550000}3123/bin/dash-----sh -c stty -a 2>/dev/null/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-805b-6262-98c7-c29a09560000}3119/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.836{ec230001-805b-6262-6842-3300ba550000}3121/bin/dashroot 154100x80000000000000002144469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.837{ec230001-805b-6262-f04e-d7e76d550000}3124/bin/stty-----stty -a/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-805b-6262-68f2-ebce6c550000}3123/bin/dashshroot 534500x80000000000000002144471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.838{ec230001-805b-6262-68f2-ebce6c550000}3123/bin/dashroot 534500x80000000000000002144470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.838{ec230001-805b-6262-f04e-d7e76d550000}3124/bin/sttyroot 154100x80000000000000002144472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.839{ec230001-805b-6262-33b1-2e661f560000}3126/usr/bin/apt-extracttemplates-----apt-extracttemplates /var/cache/apt/archives/libapr1_1.6.3-2_amd64.deb /var/cache/apt/archives/libaprutil1_1.6.1-2_amd64.deb /var/cache/apt/archives/libaprutil1-dbd-sqlite3_1.6.1-2_amd64.deb /var/cache/apt/archives/libaprutil1-ldap_1.6.1-2_amd64.deb /var/cache/apt/archives/liblua5.2-0_5.2.4-1.1build1_amd64.deb /var/cache/apt/archives/apache2-bin_2.4.29-1ubuntu4.22_amd64.deb /var/cache/apt/archives/apache2-utils_2.4.29-1ubuntu4.22_amd64.deb /var/cache/apt/archives/apache2-data_2.4.29-1ubuntu4.22_all.deb /var/cache/apt/archives/apache2_2.4.29-1ubuntu4.22_amd64.deb /var/cache/apt/archives/ssl-cert_1.0.39_all.deb/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}3125--- 154100x80000000000000002144473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.846{ec230001-805b-6262-70f1-f81e4f560000}3127/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-805b-6262-33b1-2e661f560000}3126/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 23542300x80000000000000002144475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.849{ec230001-805b-6262-33b1-2e661f560000}3126root/usr/bin/apt-extracttemplates/tmp/fileutl.message.cHoF0u--- 534500x80000000000000002144474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.849{ec230001-805b-6262-70f1-f81e4f560000}3127/usr/bin/dpkgroot 23542300x80000000000000002144476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.854{ec230001-805b-6262-33b1-2e661f560000}3126root/usr/bin/apt-extracttemplates/tmp/fileutl.message.udb4y8--- 23542300x80000000000000002144477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.858{ec230001-805b-6262-33b1-2e661f560000}3126root/usr/bin/apt-extracttemplates/tmp/fileutl.message.ogUb8L--- 23542300x80000000000000002144478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.859{ec230001-805b-6262-33b1-2e661f560000}3126root/usr/bin/apt-extracttemplates/tmp/fileutl.message.2w9yHp--- 23542300x80000000000000002144479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.861{ec230001-805b-6262-33b1-2e661f560000}3126root/usr/bin/apt-extracttemplates/tmp/fileutl.message.Wbjch3--- 23542300x80000000000000002144480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.865{ec230001-805b-6262-33b1-2e661f560000}3126root/usr/bin/apt-extracttemplates/tmp/fileutl.message.mTnwRG--- 23542300x80000000000000002144481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.866{ec230001-805b-6262-33b1-2e661f560000}3126root/usr/bin/apt-extracttemplates/tmp/fileutl.message.qNe6rk--- 23542300x80000000000000002144482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.871{ec230001-805b-6262-33b1-2e661f560000}3126root/usr/bin/apt-extracttemplates/tmp/fileutl.message.kwyn3X--- 23542300x80000000000000002144483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.872{ec230001-805b-6262-33b1-2e661f560000}3126root/usr/bin/apt-extracttemplates/tmp/fileutl.message.cD4UEB--- 23542300x80000000000000002144484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.873{ec230001-805b-6262-33b1-2e661f560000}3126root/usr/bin/apt-extracttemplates/tmp/fileutl.message.sjYFgf--- 23542300x80000000000000002144485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.875{ec230001-805b-6262-33b1-2e661f560000}3126root/usr/bin/apt-extracttemplates/tmp/fileutl.message.ev4DSS--- 23542300x80000000000000002144486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.876{ec230001-805b-6262-33b1-2e661f560000}3126root/usr/bin/apt-extracttemplates/tmp/fileutl.message.0U9Puw--- 23542300x80000000000000002144487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.877{ec230001-805b-6262-33b1-2e661f560000}3126root/usr/bin/apt-extracttemplates/tmp/fileutl.message.wEnf79--- 23542300x80000000000000002144488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.879{ec230001-805b-6262-33b1-2e661f560000}3126root/usr/bin/apt-extracttemplates/tmp/fileutl.message.0wPTJN--- 23542300x80000000000000002144489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.880{ec230001-805b-6262-33b1-2e661f560000}3126root/usr/bin/apt-extracttemplates/tmp/fileutl.message.45lOmr--- 23542300x80000000000000002144490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.882{ec230001-805b-6262-33b1-2e661f560000}3126root/usr/bin/apt-extracttemplates/tmp/fileutl.message.iieYZ4--- 23542300x80000000000000002144491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.883{ec230001-805b-6262-33b1-2e661f560000}3126root/usr/bin/apt-extracttemplates/tmp/fileutl.message.AS4oDI--- 154100x80000000000000002144492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.884{ec230001-805b-6262-70e1-e0b8ad550000}3128/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-805b-6262-33b1-2e661f560000}3126/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 534500x80000000000000002144493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.886{ec230001-805b-6262-70e1-e0b8ad550000}3128/usr/bin/dpkgroot 154100x80000000000000002144494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.907{ec230001-805b-6262-70f1-36dd37560000}3129/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-805b-6262-33b1-2e661f560000}3126/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 534500x80000000000000002144495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.910{ec230001-805b-6262-70f1-36dd37560000}3129/usr/bin/dpkgroot 534500x80000000000000002144496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.935{ec230001-805b-6262-33b1-2e661f560000}3126/usr/bin/apt-extracttemplatesroot 534500x80000000000000002144497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.944{ec230001-805b-6262-0000-000000000000}3125-root 23542300x80000000000000002144498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.949{ec230001-805b-6262-98c7-c29a09560000}3119root/usr/bin/perl/tmp/ssl-cert.template.Wi78om--- 154100x80000000000000002144500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.950{ec230001-805b-6262-68b2-6bdd12560000}3130/bin/dash-----/bin/sh /tmp/ssl-cert.config.kaRTa0 configure /home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-805b-6262-98c7-c29a09560000}3119/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.951{00000000-0000-0000-0000-000000000000}3131<unknown process>root 534500x80000000000000002144501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.952{ec230001-805b-6262-68b2-6bdd12560000}3130/bin/dashroot 23542300x80000000000000002144502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.953{ec230001-805b-6262-98c7-c29a09560000}3119root/usr/bin/perl/tmp/ssl-cert.config.kaRTa0--- 534500x80000000000000002144503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.985{ec230001-805b-6262-98c7-c29a09560000}3119/usr/bin/perlroot 534500x80000000000000002144504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.986{ec230001-805b-6262-68c2-a6bff9550000}3118/bin/dashroot 154100x80000000000000002144505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.005{ec230001-805c-6262-7071-361bd3550000}3132/usr/bin/dpkg-----/usr/bin/dpkg --assert-multi-arch/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 534500x80000000000000002144506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.016{ec230001-805c-6262-7071-361bd3550000}3132/usr/bin/dpkgroot 154100x80000000000000002144507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.017{ec230001-805c-6262-7021-c20655560000}3133/usr/bin/dpkg-----/usr/bin/dpkg --status-fd 43 --no-triggers --unpack --auto-deconfigure --recursive /tmp/apt-dpkg-install-IBVFDa/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 154100x80000000000000002144508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.035{ec230001-805c-6262-d82f-b695fa550000}3134/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-IBVFDa/0-libapr1_1.6.3-2_amd64.deb/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805c-6262-7021-c20655560000}3133/usr/bin/dpkg/usr/bin/dpkgroot 154100x80000000000000002144510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.038{ec230001-805c-6262-404a-cb4f63550000}3135/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-IBVFDa/0-libapr1_1.6.3-2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805c-6262-7021-c20655560000}3133/usr/bin/dpkg/usr/bin/dpkgroot 534500x80000000000000002144509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.038{ec230001-805c-6262-d82f-b695fa550000}3134/usr/bin/dpkg-splitroot 154100x80000000000000002144512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.041{ec230001-805c-6262-d083-559dc6550000}3138/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805c-6262-404a-cb4f63550000}3135/usr/bin/dpkg-debdpkg-debroot 534500x80000000000000002144511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.041{ec230001-805c-6262-0000-000000000000}3136-root 534500x80000000000000002144513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.043{ec230001-805c-6262-0000-000000000000}3137-root 534500x80000000000000002144514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.046{ec230001-805c-6262-d083-559dc6550000}3138/bin/tarroot 534500x80000000000000002144515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.047{ec230001-805c-6262-404a-cb4f63550000}3135/usr/bin/dpkg-debroot 154100x80000000000000002144516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.346{ec230001-805c-6262-400a-146a59550000}3140/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-IBVFDa/0-libapr1_1.6.3-2_amd64.deb/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805c-6262-7021-c20655560000}3133/usr/bin/dpkg/usr/bin/dpkgroot 534500x80000000000000002144517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.353{ec230001-805c-6262-0000-000000000000}3141-root 534500x80000000000000002144519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.359{ec230001-805c-6262-400a-146a59550000}3140/usr/bin/dpkg-debroot 534500x80000000000000002144518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.359{00000000-0000-0000-0000-000000000000}3142<unknown process>root 154100x80000000000000002144520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.382{ec230001-805c-6262-70d3-75e78b550000}3143/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805c-6262-7021-c20655560000}3133/usr/bin/dpkg/usr/bin/dpkgroot 154100x80000000000000002144523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.383{ec230001-805c-6262-d82f-2aafba550000}3144/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-IBVFDa/1-libaprutil1_1.6.1-2_amd64.deb/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805c-6262-7021-c20655560000}3133/usr/bin/dpkg/usr/bin/dpkgroot 534500x80000000000000002144522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.383{ec230001-805c-6262-70d3-75e78b550000}3143/bin/rmroot 23542300x80000000000000002144521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.383{ec230001-805c-6262-70d3-75e78b550000}3143root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x80000000000000002144525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.385{ec230001-805c-6262-40ca-2d5020560000}3145/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-IBVFDa/1-libaprutil1_1.6.1-2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805c-6262-7021-c20655560000}3133/usr/bin/dpkg/usr/bin/dpkgroot 534500x80000000000000002144524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.385{ec230001-805c-6262-d82f-2aafba550000}3144/usr/bin/dpkg-splitroot 154100x80000000000000002144527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.387{ec230001-805c-6262-d0e3-7f50f7550000}3148/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805c-6262-40ca-2d5020560000}3145/usr/bin/dpkg-debdpkg-debroot 534500x80000000000000002144526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.387{ec230001-805c-6262-0000-000000000000}3146-root 534500x80000000000000002144528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.388{ec230001-805c-6262-0000-000000000000}3147-root 534500x80000000000000002144530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.390{ec230001-805c-6262-40ca-2d5020560000}3145/usr/bin/dpkg-debroot 534500x80000000000000002144529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.390{ec230001-805c-6262-d0e3-7f50f7550000}3148/bin/tarroot 154100x80000000000000002144531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.412{ec230001-805c-6262-403a-7b6604560000}3149/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-IBVFDa/1-libaprutil1_1.6.1-2_amd64.deb/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805c-6262-7021-c20655560000}3133/usr/bin/dpkg/usr/bin/dpkgroot 534500x80000000000000002144532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.416{ec230001-805c-6262-0000-000000000000}3150-root 534500x80000000000000002144534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.424{ec230001-805c-6262-403a-7b6604560000}3149/usr/bin/dpkg-debroot 534500x80000000000000002144533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.424{00000000-0000-0000-0000-000000000000}3151<unknown process>root 154100x80000000000000002144535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.442{ec230001-805c-6262-70e3-36bfbb550000}3152/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805c-6262-7021-c20655560000}3133/usr/bin/dpkg/usr/bin/dpkgroot 534500x80000000000000002144537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.443{ec230001-805c-6262-70e3-36bfbb550000}3152/bin/rmroot 23542300x80000000000000002144536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.443{ec230001-805c-6262-70e3-36bfbb550000}3152root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x80000000000000002144538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.444{ec230001-805c-6262-d80f-f54089550000}3153/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-IBVFDa/2-libaprutil1-dbd-sqlite3_1.6.1-2_amd64.deb/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805c-6262-7021-c20655560000}3133/usr/bin/dpkg/usr/bin/dpkgroot 154100x80000000000000002144540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.445{ec230001-805c-6262-406a-3431f3550000}3154/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-IBVFDa/2-libaprutil1-dbd-sqlite3_1.6.1-2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805c-6262-7021-c20655560000}3133/usr/bin/dpkg/usr/bin/dpkgroot 534500x80000000000000002144539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.445{ec230001-805c-6262-d80f-f54089550000}3153/usr/bin/dpkg-splitroot 154100x80000000000000002144542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.447{ec230001-805c-6262-d033-cdcd9d550000}3157/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805c-6262-406a-3431f3550000}3154/usr/bin/dpkg-debdpkg-debroot 534500x80000000000000002144541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:56.447{ec230001-805c-6262-0000-000000000000}3155-root 534500x80000000000000002144733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.333{ec230001-805d-6262-f0be-498dee550000}3239/bin/sttyroot 534500x80000000000000002144734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.334{ec230001-805d-6262-6872-c5e6ac550000}3238/bin/dashroot 154100x80000000000000002144735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.339{ec230001-805d-6262-6862-dd0ab8550000}3240/bin/dash-----/bin/sh -e /var/lib/dpkg/info/ssl-cert.postinst configure /root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-6852-104735560000}3234/bin/dash/bin/shroot 154100x80000000000000002144736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.340{ec230001-805d-6262-686a-464124560000}3241/usr/bin/getent-----getent group ssl-cert/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-6862-dd0ab8550000}3240/bin/dash/bin/shroot 154100x80000000000000002144738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.343{ec230001-805d-6262-98b7-45edaa550000}3242/usr/bin/perl-----/usr/bin/perl /usr/sbin/addgroup --quiet --system --force-badname ssl-cert/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-6862-dd0ab8550000}3240/bin/dash/bin/shroot 534500x80000000000000002144737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.343{ec230001-805d-6262-686a-464124560000}3241/usr/bin/getentroot 154100x80000000000000002144739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.376{ec230001-805d-6262-508d-991f13560000}3243/usr/sbin/groupadd-----/usr/sbin/groupadd -g 115 ssl-cert/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-98b7-45edaa550000}3242/usr/bin/perl/usr/bin/perlroot 23542300x80000000000000002144741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.381{ec230001-805d-6262-508d-991f13560000}3243root/usr/sbin/groupadd/etc/gshadow.3243--- 23542300x80000000000000002144740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.381{ec230001-805d-6262-508d-991f13560000}3243root/usr/sbin/groupadd/etc/group.3243--- 23542300x80000000000000002144742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.386{ec230001-805d-6262-508d-991f13560000}3243root/usr/sbin/groupadd/etc/group.lock--- 23542300x80000000000000002144743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.391{ec230001-805d-6262-508d-991f13560000}3243root/usr/sbin/groupadd/etc/gshadow.lock--- 534500x80000000000000002144745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.392{00000000-0000-0000-0000-000000000000}3245<unknown process>root 534500x80000000000000002144744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.392{00000000-0000-0000-0000-000000000000}3244<unknown process>root 534500x80000000000000002144747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.393{ec230001-805d-6262-508d-991f13560000}3243/usr/sbin/groupaddroot 534500x80000000000000002144746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.393{00000000-0000-0000-0000-000000000000}3246<unknown process>root 154100x80000000000000002144749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.394{ec230001-805d-6262-08c4-ec2f5e550000}3247/bin/bash-----/bin/bash -e /usr/sbin/make-ssl-cert generate-default-snakeoil/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-6862-dd0ab8550000}3240/bin/dash/bin/shroot 534500x80000000000000002144748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.394{ec230001-805d-6262-98b7-45edaa550000}3242/usr/bin/perlroot 154100x80000000000000002144750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.442{ec230001-805d-6262-e0ac-e2dd13560000}3248/bin/hostname-----hostname -f/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-08c4-ec2f5e550000}3247/bin/bash/bin/bashroot 354300x80000000000000002144753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.445{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-60305-false10.0.0.2-53- 354300x80000000000000002144752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.445{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-50938-false10.0.0.2-53- 354300x80000000000000002144751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.445{ec230001-805d-6262-e0ac-e2dd13560000}3248/bin/hostnamerootudptruefalse127.0.0.1-43831-false127.0.0.53-53- 354300x80000000000000002144757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.446{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-56162- 354300x80000000000000002144756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.446{ec230001-805d-6262-e0ac-e2dd13560000}3248/bin/hostnamerootudptruefalse127.0.0.1-56162-false127.0.0.53-53- 354300x80000000000000002144755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.446{ec230001-805d-6262-e0ac-e2dd13560000}3248/bin/hostnamerootudpfalsefalse127.0.0.53-53-false127.0.0.1-56162- 354300x80000000000000002144754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.446{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-43831- 154100x80000000000000002144759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.447{ec230001-805d-6262-a8f0-b1d091550000}3249/bin/mktemp-----mktemp/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-08c4-ec2f5e550000}3247/bin/bash/bin/bashroot 534500x80000000000000002144758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.447{ec230001-805d-6262-e0ac-e2dd13560000}3248/bin/hostnameroot 154100x80000000000000002144761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.448{ec230001-805d-6262-a810-362de4550000}3250/bin/mktemp-----mktemp/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-08c4-ec2f5e550000}3247/bin/bash/bin/bashroot 534500x80000000000000002144760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.448{ec230001-805d-6262-a8f0-b1d091550000}3249/bin/mktemproot 534500x80000000000000002144762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.450{ec230001-805d-6262-a810-362de4550000}3250/bin/mktemproot 154100x80000000000000002144763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.451{ec230001-805d-6262-f8aa-ae94b5550000}3251/bin/sed-----sed -e s#@HostName@#sysmonlinux-ctus-attack-range-6628# -e s#@SubjectAltName@#DNS:sysmonlinux-ctus-attack-range-6628# /usr/share/ssl-cert/ssleay.cnf/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-08c4-ec2f5e550000}3247/bin/bash/bin/bashroot 534500x80000000000000002144764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.452{ec230001-805d-6262-f8aa-ae94b5550000}3251/bin/sedroot 154100x80000000000000002144765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.453{ec230001-805d-6262-90aa-0fe9fa550000}3252/usr/bin/openssl-----openssl req -config /tmp/tmp.QgJrhfg3yj -new -x509 -days 3650 -nodes -sha256 -out /etc/ssl/certs/ssl-cert-snakeoil.pem -keyout /etc/ssl/private/ssl-cert-snakeoil.key/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-08c4-ec2f5e550000}3247/bin/bash/bin/bashroot 154100x80000000000000002144767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.539{ec230001-805d-6262-e081-6b12e9550000}3253/bin/chmod-----chmod 644 /etc/ssl/certs/ssl-cert-snakeoil.pem/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-08c4-ec2f5e550000}3247/bin/bash/bin/bashroot 534500x80000000000000002144766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.539{ec230001-805d-6262-90aa-0fe9fa550000}3252/usr/bin/opensslroot 534500x80000000000000002144768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.540{ec230001-805d-6262-e081-6b12e9550000}3253/bin/chmodroot 154100x80000000000000002144769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.541{ec230001-805d-6262-e001-4c06c5550000}3254/bin/chmod-----chmod 640 /etc/ssl/private/ssl-cert-snakeoil.key/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-08c4-ec2f5e550000}3247/bin/bash/bin/bashroot 154100x80000000000000002144771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.542{ec230001-805d-6262-60b9-7bc3d3550000}3255/bin/chown-----chown root:ssl-cert /etc/ssl/private/ssl-cert-snakeoil.key/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-08c4-ec2f5e550000}3247/bin/bash/bin/bashroot 534500x80000000000000002144770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.542{ec230001-805d-6262-e001-4c06c5550000}3254/bin/chmodroot 154100x80000000000000002144773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.545{ec230001-805d-6262-90ca-e30e7c550000}3256/usr/bin/openssl-----openssl x509 -hash -noout -in ssl-cert-snakeoil.pem/etc/ssl/certsroot{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-08c4-ec2f5e550000}3247/bin/bash/bin/bashroot 534500x80000000000000002144772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.545{ec230001-805d-6262-60b9-7bc3d3550000}3255/bin/chownroot 154100x80000000000000002144775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.548{ec230001-805d-6262-988d-bec2a5550000}3257/bin/ln-----ln -sf ssl-cert-snakeoil.pem 3e332fbe/etc/ssl/certsroot{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-08c4-ec2f5e550000}3247/bin/bash/bin/bashroot 534500x80000000000000002144774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.548{ec230001-805d-6262-90ca-e30e7c550000}3256/usr/bin/opensslroot 154100x80000000000000002144777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.549{ec230001-805d-6262-7003-1cee81550000}3258/bin/rm-----rm -f /tmp/tmp.QgJrhfg3yj /tmp/tmp.2f9sLACAWX/etc/ssl/certsroot{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-08c4-ec2f5e550000}3247/bin/bash/bin/bashroot 534500x80000000000000002144776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.549{ec230001-805d-6262-988d-bec2a5550000}3257/bin/lnroot 534500x80000000000000002144781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.550{ec230001-805d-6262-08c4-ec2f5e550000}3247/bin/bashroot 534500x80000000000000002144780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.550{ec230001-805d-6262-7003-1cee81550000}3258/bin/rmroot 23542300x80000000000000002144779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.550{ec230001-805d-6262-7003-1cee81550000}3258root/bin/rm/tmp/tmp.2f9sLACAWX--- 23542300x80000000000000002144778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.550{ec230001-805d-6262-7003-1cee81550000}3258root/bin/rm/tmp/tmp.QgJrhfg3yj--- 154100x80000000000000002144782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.551{ec230001-805d-6262-703f-0641d3550000}3259/usr/bin/dpkg-statoverride-----dpkg-statoverride --list /etc/ssl/private/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-6862-dd0ab8550000}3240/bin/dash/bin/shroot 154100x80000000000000002144784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.555{ec230001-805d-6262-70ef-aec556550000}3260/usr/bin/dpkg-statoverride-----dpkg-statoverride --update --add root ssl-cert 710 /etc/ssl/private/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-6862-dd0ab8550000}3240/bin/dash/bin/shroot 534500x80000000000000002144783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.555{ec230001-805d-6262-703f-0641d3550000}3259/usr/bin/dpkg-statoverrideroot 534500x80000000000000002144785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.562{ec230001-805d-6262-70ef-aec556550000}3260/usr/bin/dpkg-statoverrideroot 154100x80000000000000002144786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.563{ec230001-805d-6262-70c1-88cc7e550000}3261/usr/bin/dpkg-----dpkg --compare-versions lt 1.0.12/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-6862-dd0ab8550000}3240/bin/dash/bin/shroot 154100x80000000000000002144788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.565{ec230001-805d-6262-c0df-3dde40560000}3262/bin/chgrp-----chgrp ssl-cert /etc/ssl/private/ssl-cert-snakeoil.key/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-6862-dd0ab8550000}3240/bin/dash/bin/shroot 534500x80000000000000002144787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.565{ec230001-805d-6262-70c1-88cc7e550000}3261/usr/bin/dpkgroot 154100x80000000000000002144790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.567{ec230001-805d-6262-e001-8ec0fc550000}3263/bin/chmod-----chmod g+r /etc/ssl/private/ssl-cert-snakeoil.key/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-6862-dd0ab8550000}3240/bin/dash/bin/shroot 534500x80000000000000002144789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.567{ec230001-805d-6262-c0df-3dde40560000}3262/bin/chgrproot 534500x80000000000000002144792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.568{ec230001-805d-6262-6862-dd0ab8550000}3240/bin/dashroot 534500x80000000000000002144791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.568{ec230001-805d-6262-e001-8ec0fc550000}3263/bin/chmodroot 534500x80000000000000002144793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:57.592{ec230001-805d-6262-6852-104735560000}3234/bin/dashroot 154100x80000000000000002144794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.272{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash-----/bin/bash /var/lib/dpkg/info/apache2.postinst configure /root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805d-6262-7011-5f691d560000}3233/usr/bin/dpkg/usr/bin/dpkgroot 154100x80000000000000002144795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.274{ec230001-805e-6262-7071-6f1a0b560000}3265/usr/bin/dpkg-----dpkg --compare-versions lt-nl 2.4.23-3~/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002144796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.276{ec230001-805e-6262-7071-6f1a0b560000}3265/usr/bin/dpkgroot 154100x80000000000000002144797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.277{ec230001-805e-6262-9877-222ab9550000}3266/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enmod -m -q mpm_event/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002144798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.301{ec230001-805e-6262-6852-c7380a560000}3267/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9877-222ab9550000}3266/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.302{ec230001-805e-6262-6832-bef3ef550000}3268/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6852-c7380a560000}3267/bin/dashshroot 154100x80000000000000002144799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.302{ec230001-805e-6262-787c-fdb591550000}3268/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6852-c7380a560000}3267/bin/dashshroot 154100x80000000000000002144801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.303{ec230001-805e-6262-78ac-0aa22b560000}3269/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-787c-fdb591550000}3268/usr/bin/envenvroot 534500x80000000000000002144804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.304{ec230001-805e-6262-6852-c7380a560000}3267/bin/dashroot 534500x80000000000000002144803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.304{ec230001-805e-6262-787c-fdb591550000}3268/usr/bin/envroot 534500x80000000000000002144802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.304{ec230001-805e-6262-78ac-0aa22b560000}3269/usr/bin/envroot 154100x80000000000000002144805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.305{ec230001-805e-6262-68e2-8a4112560000}3270/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "mpm_event"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9877-222ab9550000}3266/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.306{ec230001-805e-6262-90b0-33b6e9550000}3271/usr/bin/find-----find /var/lib/apache2/module -type f -a -name mpm_event/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68e2-8a4112560000}3270/bin/dashshroot 154100x80000000000000002144809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.307{ec230001-805e-6262-6812-af97db550000}3272/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/mpm_event"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9877-222ab9550000}3266/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.307{ec230001-805e-6262-68e2-8a4112560000}3270/bin/dashroot 534500x80000000000000002144807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.307{ec230001-805e-6262-90b0-33b6e9550000}3271/usr/bin/findroot 154100x80000000000000002144810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.308{ec230001-805e-6262-1040-34965a550000}3273/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/mpm_event/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6812-af97db550000}3272/bin/dashshroot 534500x80000000000000002144812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.309{ec230001-805e-6262-6812-af97db550000}3272/bin/dashroot 534500x80000000000000002144811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.309{ec230001-805e-6262-1040-34965a550000}3273/bin/touchroot 154100x80000000000000002144814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.310{ec230001-805e-6262-70a1-42f97d550000}3274/usr/bin/dpkg-----dpkg --compare-versions lt-nl 2.4.10-12~/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002144813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.310{ec230001-805e-6262-9877-222ab9550000}3266/usr/bin/perlroot 154100x80000000000000002144816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.312{ec230001-805e-6262-98fa-d060cd550000}3275/bin/cp-----cp /usr/share/apache2/default-site/index.html /var/www/html/index.html/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002144815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.312{ec230001-805e-6262-70a1-42f97d550000}3274/usr/bin/dpkgroot 154100x80000000000000002144818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.314{ec230001-805e-6262-98d7-482118560000}3276/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enmod -m -q authz_host/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002144817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.314{ec230001-805e-6262-98fa-d060cd550000}3275/bin/cproot 154100x80000000000000002144819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.335{ec230001-805e-6262-6812-6abf9d550000}3277/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98d7-482118560000}3276/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.336{ec230001-805e-6262-68d2-5d2bc5550000}3278/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6812-6abf9d550000}3277/bin/dashshroot 154100x80000000000000002144820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.336{ec230001-805e-6262-78ac-aecda5550000}3278/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6812-6abf9d550000}3277/bin/dashshroot 534500x80000000000000002144823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.338{ec230001-805e-6262-78cc-7e4cc4550000}3279/usr/bin/envroot 154100x80000000000000002144822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.338{ec230001-805e-6262-78cc-7e4cc4550000}3279/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-78ac-aecda5550000}3278/usr/bin/envenvroot 534500x80000000000000002144825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.339{ec230001-805e-6262-6812-6abf9d550000}3277/bin/dashroot 534500x80000000000000002144824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.339{ec230001-805e-6262-78ac-aecda5550000}3278/usr/bin/envroot 154100x80000000000000002144827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.340{ec230001-805e-6262-90c0-c9fcff550000}3281/usr/bin/find-----find /var/lib/apache2/module -type f -a -name authz_core/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68e2-8fea0a560000}3280/bin/dashshroot 154100x80000000000000002144826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.340{ec230001-805e-6262-68e2-8fea0a560000}3280/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "authz_core"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98d7-482118560000}3276/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.342{ec230001-805e-6262-6852-9ff12a560000}3282/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/authz_core"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98d7-482118560000}3276/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.342{ec230001-805e-6262-68e2-8fea0a560000}3280/bin/dashroot 534500x80000000000000002144828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.342{ec230001-805e-6262-90c0-c9fcff550000}3281/usr/bin/findroot 154100x80000000000000002144831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.343{ec230001-805e-6262-1010-dd52d7550000}3283/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/authz_core/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6852-9ff12a560000}3282/bin/dashshroot 534500x80000000000000002144833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.344{ec230001-805e-6262-6852-9ff12a560000}3282/bin/dashroot 534500x80000000000000002144832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.344{ec230001-805e-6262-1010-dd52d7550000}3283/bin/touchroot 154100x80000000000000002144835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.346{ec230001-805e-6262-9030-d08697550000}3285/usr/bin/find-----find /var/lib/apache2/module -type f -a -name authz_host/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6892-ddcac6550000}3284/bin/dashshroot 154100x80000000000000002144834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.346{ec230001-805e-6262-6892-ddcac6550000}3284/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "authz_host"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98d7-482118560000}3276/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.350{ec230001-805e-6262-6882-bf7a6e550000}3286/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/authz_host"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98d7-482118560000}3276/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.350{ec230001-805e-6262-6892-ddcac6550000}3284/bin/dashroot 534500x80000000000000002144836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.350{ec230001-805e-6262-9030-d08697550000}3285/usr/bin/findroot 154100x80000000000000002144839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.351{ec230001-805e-6262-1020-efc33f560000}3287/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/authz_host/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6882-bf7a6e550000}3286/bin/dashshroot 534500x80000000000000002144841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.352{ec230001-805e-6262-6882-bf7a6e550000}3286/bin/dashroot 534500x80000000000000002144840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.352{ec230001-805e-6262-1020-efc33f560000}3287/bin/touchroot 154100x80000000000000002144843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.353{ec230001-805e-6262-98a7-d8f8f2550000}3288/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enmod -m -q auth_basic/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002144842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.353{ec230001-805e-6262-98d7-482118560000}3276/usr/bin/perlroot 154100x80000000000000002144844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.375{ec230001-805e-6262-6832-128d28560000}3289/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98a7-d8f8f2550000}3288/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.376{ec230001-805e-6262-68c2-b0fa10560000}3290/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6832-128d28560000}3289/bin/dashshroot 154100x80000000000000002144845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.376{ec230001-805e-6262-78fc-366e6a550000}3290/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6832-128d28560000}3289/bin/dashshroot 154100x80000000000000002144847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.377{ec230001-805e-6262-784c-1533b6550000}3291/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-78fc-366e6a550000}3290/usr/bin/envenvroot 534500x80000000000000002144850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.378{ec230001-805e-6262-6832-128d28560000}3289/bin/dashroot 534500x80000000000000002144849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.378{ec230001-805e-6262-78fc-366e6a550000}3290/usr/bin/envroot 534500x80000000000000002144848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.378{ec230001-805e-6262-784c-1533b6550000}3291/usr/bin/envroot 154100x80000000000000002144851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.380{ec230001-805e-6262-68a2-74c7e0550000}3292/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "authn_core"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98a7-d8f8f2550000}3288/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.381{ec230001-805e-6262-9090-de04a1550000}3293/usr/bin/find-----find /var/lib/apache2/module -type f -a -name authn_core/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68a2-74c7e0550000}3292/bin/dashshroot 154100x80000000000000002144855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.382{ec230001-805e-6262-68b2-199b00560000}3294/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/authn_core"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98a7-d8f8f2550000}3288/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.382{ec230001-805e-6262-68a2-74c7e0550000}3292/bin/dashroot 534500x80000000000000002144853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.382{ec230001-805e-6262-9090-de04a1550000}3293/usr/bin/findroot 154100x80000000000000002144856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.383{ec230001-805e-6262-1080-8314ba550000}3295/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/authn_core/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68b2-199b00560000}3294/bin/dashshroot 154100x80000000000000002144859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.384{ec230001-805e-6262-68b2-537a25560000}3296/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "auth_basic"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98a7-d8f8f2550000}3288/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.384{ec230001-805e-6262-68b2-199b00560000}3294/bin/dashroot 534500x80000000000000002144857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.384{ec230001-805e-6262-1080-8314ba550000}3295/bin/touchroot 154100x80000000000000002144860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.385{ec230001-805e-6262-9030-2dc839560000}3297/usr/bin/find-----find /var/lib/apache2/module -type f -a -name auth_basic/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68b2-537a25560000}3296/bin/dashshroot 154100x80000000000000002144863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.387{ec230001-805e-6262-6872-ffa13f560000}3298/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/auth_basic"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98a7-d8f8f2550000}3288/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.387{ec230001-805e-6262-68b2-537a25560000}3296/bin/dashroot 534500x80000000000000002144861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.387{ec230001-805e-6262-9030-2dc839560000}3297/usr/bin/findroot 534500x80000000000000002144866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.388{ec230001-805e-6262-6872-ffa13f560000}3298/bin/dashroot 534500x80000000000000002144865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.388{ec230001-805e-6262-1020-76b4d7550000}3299/bin/touchroot 154100x80000000000000002144864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.388{ec230001-805e-6262-1020-76b4d7550000}3299/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/auth_basic/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6872-ffa13f560000}3298/bin/dashshroot 154100x80000000000000002144868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.389{ec230001-805e-6262-9897-c5995b550000}3300/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enmod -m -q access_compat/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002144867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.389{ec230001-805e-6262-98a7-d8f8f2550000}3288/usr/bin/perlroot 154100x80000000000000002144869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.415{ec230001-805e-6262-6822-b93bb2550000}3301/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9897-c5995b550000}3300/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.416{ec230001-805e-6262-6872-4761a1550000}3302/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6822-b93bb2550000}3301/bin/dashshroot 154100x80000000000000002144870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.416{ec230001-805e-6262-786c-412fdc550000}3302/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6822-b93bb2550000}3301/bin/dashshroot 534500x80000000000000002144875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.417{ec230001-805e-6262-6822-b93bb2550000}3301/bin/dashroot 534500x80000000000000002144874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.417{ec230001-805e-6262-786c-412fdc550000}3302/usr/bin/envroot 534500x80000000000000002144873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.417{ec230001-805e-6262-786c-8c40cd550000}3303/usr/bin/envroot 154100x80000000000000002144872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.417{ec230001-805e-6262-786c-8c40cd550000}3303/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-786c-412fdc550000}3302/usr/bin/envenvroot 154100x80000000000000002144876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.418{ec230001-805e-6262-68b2-58a910560000}3304/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "access_compat"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9897-c5995b550000}3300/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.419{ec230001-805e-6262-9090-86f8d4550000}3305/usr/bin/find-----find /var/lib/apache2/module -type f -a -name access_compat/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68b2-58a910560000}3304/bin/dashshroot 534500x80000000000000002144878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.420{ec230001-805e-6262-9090-86f8d4550000}3305/usr/bin/findroot 154100x80000000000000002144881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.421{ec230001-805e-6262-10c0-99682f560000}3307/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/access_compat/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68b2-2499b9550000}3306/bin/dashshroot 154100x80000000000000002144880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.421{ec230001-805e-6262-68b2-2499b9550000}3306/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/access_compat"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9897-c5995b550000}3300/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.421{ec230001-805e-6262-68b2-58a910560000}3304/bin/dashroot 534500x80000000000000002144883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.422{ec230001-805e-6262-68b2-2499b9550000}3306/bin/dashroot 534500x80000000000000002144882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.422{ec230001-805e-6262-10c0-99682f560000}3307/bin/touchroot 154100x80000000000000002144885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.423{ec230001-805e-6262-98c7-586260550000}3308/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enmod -m -q authn_file/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002144884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.423{ec230001-805e-6262-9897-c5995b550000}3300/usr/bin/perlroot 154100x80000000000000002144886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.449{ec230001-805e-6262-6852-8401ff550000}3309/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98c7-586260550000}3308/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.450{ec230001-805e-6262-6852-dfd374550000}3310/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6852-8401ff550000}3309/bin/dashshroot 154100x80000000000000002144887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.450{ec230001-805e-6262-781c-b14f87550000}3310/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6852-8401ff550000}3309/bin/dashshroot 154100x80000000000000002144889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.451{ec230001-805e-6262-78fc-993aa7550000}3311/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-781c-b14f87550000}3310/usr/bin/envenvroot 534500x80000000000000002144892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.452{ec230001-805e-6262-6852-8401ff550000}3309/bin/dashroot 534500x80000000000000002144891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.452{ec230001-805e-6262-781c-b14f87550000}3310/usr/bin/envroot 534500x80000000000000002144890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.452{ec230001-805e-6262-78fc-993aa7550000}3311/usr/bin/envroot 154100x80000000000000002144893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.453{ec230001-805e-6262-68a2-f67961550000}3312/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "authn_file"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98c7-586260550000}3308/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.454{ec230001-805e-6262-9050-b69de7550000}3313/usr/bin/find-----find /var/lib/apache2/module -type f -a -name authn_file/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68a2-f67961550000}3312/bin/dashshroot 154100x80000000000000002144897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.455{ec230001-805e-6262-6832-a1c954560000}3314/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/authn_file"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98c7-586260550000}3308/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.455{ec230001-805e-6262-68a2-f67961550000}3312/bin/dashroot 534500x80000000000000002144895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.455{ec230001-805e-6262-9050-b69de7550000}3313/usr/bin/findroot 154100x80000000000000002144898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.456{ec230001-805e-6262-10b0-97017f550000}3315/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/authn_file/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6832-a1c954560000}3314/bin/dashshroot 534500x80000000000000002144900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.457{ec230001-805e-6262-6832-a1c954560000}3314/bin/dashroot 534500x80000000000000002144899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.457{ec230001-805e-6262-10b0-97017f550000}3315/bin/touchroot 154100x80000000000000002144902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.458{ec230001-805e-6262-98a7-4ad0b0550000}3316/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enmod -m -q authz_user/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002144901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.458{ec230001-805e-6262-98c7-586260550000}3308/usr/bin/perlroot 154100x80000000000000002144905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.486{ec230001-805e-6262-6832-0259ae550000}3318/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6852-c0bb94550000}3317/bin/dashshroot 154100x80000000000000002144904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.486{ec230001-805e-6262-78ac-3fd2e4550000}3318/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6852-c0bb94550000}3317/bin/dashshroot 154100x80000000000000002144903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.486{ec230001-805e-6262-6852-c0bb94550000}3317/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98a7-4ad0b0550000}3316/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.488{ec230001-805e-6262-786c-0e2d88550000}3319/usr/bin/envroot 154100x80000000000000002144906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.488{ec230001-805e-6262-786c-0e2d88550000}3319/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-78ac-3fd2e4550000}3318/usr/bin/envenvroot 534500x80000000000000002144909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.490{ec230001-805e-6262-6852-c0bb94550000}3317/bin/dashroot 534500x80000000000000002144908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.490{ec230001-805e-6262-78ac-3fd2e4550000}3318/usr/bin/envroot 154100x80000000000000002144911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.491{ec230001-805e-6262-9050-2553fb550000}3321/usr/bin/find-----find /var/lib/apache2/module -type f -a -name authz_user/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68b2-5e5495550000}3320/bin/dashshroot 154100x80000000000000002144910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.491{ec230001-805e-6262-68b2-5e5495550000}3320/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "authz_user"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98a7-4ad0b0550000}3316/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.493{ec230001-805e-6262-68d2-4d1f20560000}3322/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/authz_user"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98a7-4ad0b0550000}3316/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.493{ec230001-805e-6262-68b2-5e5495550000}3320/bin/dashroot 534500x80000000000000002144912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.493{ec230001-805e-6262-9050-2553fb550000}3321/usr/bin/findroot 534500x80000000000000002144917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.494{ec230001-805e-6262-68d2-4d1f20560000}3322/bin/dashroot 534500x80000000000000002144916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.494{ec230001-805e-6262-1070-b63b29560000}3323/bin/touchroot 154100x80000000000000002144915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.494{ec230001-805e-6262-1070-b63b29560000}3323/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/authz_user/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68d2-4d1f20560000}3322/bin/dashshroot 154100x80000000000000002144919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.495{ec230001-805e-6262-98c7-3e4cf8550000}3324/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enmod -m -q alias/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002144918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.495{ec230001-805e-6262-98a7-4ad0b0550000}3316/usr/bin/perlroot 154100x80000000000000002144920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.519{ec230001-805e-6262-6812-4748fe550000}3325/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98c7-3e4cf8550000}3324/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.520{ec230001-805e-6262-6822-fd83aa550000}3326/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6812-4748fe550000}3325/bin/dashshroot 154100x80000000000000002144921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.520{ec230001-805e-6262-787c-1bf1ea550000}3326/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6812-4748fe550000}3325/bin/dashshroot 154100x80000000000000002144923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.521{ec230001-805e-6262-786c-ed8d1d560000}3327/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-787c-1bf1ea550000}3326/usr/bin/envenvroot 534500x80000000000000002144926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.522{ec230001-805e-6262-6812-4748fe550000}3325/bin/dashroot 534500x80000000000000002144925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.522{ec230001-805e-6262-787c-1bf1ea550000}3326/usr/bin/envroot 534500x80000000000000002144924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.522{ec230001-805e-6262-786c-ed8d1d560000}3327/usr/bin/envroot 154100x80000000000000002144927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.523{ec230001-805e-6262-6812-f59cdb550000}3328/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "alias"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98c7-3e4cf8550000}3324/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.524{ec230001-805e-6262-9020-bd4ab7550000}3329/usr/bin/find-----find /var/lib/apache2/module -type f -a -name alias/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6812-f59cdb550000}3328/bin/dashshroot 534500x80000000000000002144930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.525{ec230001-805e-6262-6812-f59cdb550000}3328/bin/dashroot 534500x80000000000000002144929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.525{ec230001-805e-6262-9020-bd4ab7550000}3329/usr/bin/findroot 154100x80000000000000002144932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.526{ec230001-805e-6262-1010-f06651560000}3331/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/alias/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68f2-3716ba550000}3330/bin/dashshroot 154100x80000000000000002144931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.526{ec230001-805e-6262-68f2-3716ba550000}3330/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/alias"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98c7-3e4cf8550000}3324/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.527{ec230001-805e-6262-68f2-3716ba550000}3330/bin/dashroot 534500x80000000000000002144933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.527{ec230001-805e-6262-1010-f06651560000}3331/bin/touchroot 534500x80000000000000002144935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.528{ec230001-805e-6262-98c7-3e4cf8550000}3324/usr/bin/perlroot 154100x80000000000000002144936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.529{ec230001-805e-6262-9817-487ba7550000}3332/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enmod -m -q dir/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002144937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.555{ec230001-805e-6262-68b2-a8bf13560000}3333/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9817-487ba7550000}3332/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.560{ec230001-805e-6262-68c2-594dfb550000}3334/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68b2-a8bf13560000}3333/bin/dashshroot 154100x80000000000000002144938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.560{ec230001-805e-6262-782c-a962a9550000}3334/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68b2-a8bf13560000}3333/bin/dashshroot 154100x80000000000000002144940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.562{ec230001-805e-6262-78dc-48de2c560000}3335/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-782c-a962a9550000}3334/usr/bin/envenvroot 534500x80000000000000002144942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.564{ec230001-805e-6262-782c-a962a9550000}3334/usr/bin/envroot 534500x80000000000000002144941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.564{ec230001-805e-6262-78dc-48de2c560000}3335/usr/bin/envroot 534500x80000000000000002144943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.565{ec230001-805e-6262-68b2-a8bf13560000}3333/bin/dashroot 154100x80000000000000002144945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.566{ec230001-805e-6262-90e0-0388db550000}3337/usr/bin/find-----find /var/lib/apache2/module -type f -a -name dir/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68c2-6d2ec7550000}3336/bin/dashshroot 154100x80000000000000002144944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.566{ec230001-805e-6262-68c2-6d2ec7550000}3336/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "dir"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9817-487ba7550000}3332/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.568{ec230001-805e-6262-68c2-6bdcf2550000}3338/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/dir"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9817-487ba7550000}3332/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.568{ec230001-805e-6262-68c2-6d2ec7550000}3336/bin/dashroot 534500x80000000000000002144946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.568{ec230001-805e-6262-90e0-0388db550000}3337/usr/bin/findroot 154100x80000000000000002144949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.569{ec230001-805e-6262-1050-53c572550000}3339/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/dir/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68c2-6bdcf2550000}3338/bin/dashshroot 534500x80000000000000002144950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.570{ec230001-805e-6262-1050-53c572550000}3339/bin/touchroot 534500x80000000000000002144951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.571{ec230001-805e-6262-68c2-6bdcf2550000}3338/bin/dashroot 154100x80000000000000002144953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.572{ec230001-805e-6262-9857-b4573e560000}3340/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enmod -m -q autoindex/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002144952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.572{ec230001-805e-6262-9817-487ba7550000}3332/usr/bin/perlroot 154100x80000000000000002144954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.604{ec230001-805e-6262-68e2-e0f40e560000}3341/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9857-b4573e560000}3340/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.605{ec230001-805e-6262-68a2-9464f0550000}3342/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68e2-e0f40e560000}3341/bin/dashshroot 154100x80000000000000002144955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.605{ec230001-805e-6262-78fc-2f3b99550000}3342/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68e2-e0f40e560000}3341/bin/dashshroot 154100x80000000000000002144957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.606{ec230001-805e-6262-784c-331965550000}3343/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-78fc-2f3b99550000}3342/usr/bin/envenvroot 534500x80000000000000002144960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.607{ec230001-805e-6262-68e2-e0f40e560000}3341/bin/dashroot 534500x80000000000000002144959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.607{ec230001-805e-6262-78fc-2f3b99550000}3342/usr/bin/envroot 534500x80000000000000002144958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.607{ec230001-805e-6262-784c-331965550000}3343/usr/bin/envroot 154100x80000000000000002144961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.608{ec230001-805e-6262-6812-05901d560000}3344/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "autoindex"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9857-b4573e560000}3340/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.609{ec230001-805e-6262-90c0-4c6e9c550000}3345/usr/bin/find-----find /var/lib/apache2/module -type f -a -name autoindex/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6812-05901d560000}3344/bin/dashshroot 154100x80000000000000002144965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.610{ec230001-805e-6262-6882-8ec6da550000}3346/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/autoindex"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9857-b4573e560000}3340/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.610{ec230001-805e-6262-6812-05901d560000}3344/bin/dashroot 534500x80000000000000002144963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.610{ec230001-805e-6262-90c0-4c6e9c550000}3345/usr/bin/findroot 154100x80000000000000002144966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.611{ec230001-805e-6262-10d0-3a6aab550000}3347/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/autoindex/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6882-8ec6da550000}3346/bin/dashshroot 534500x80000000000000002144968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.612{ec230001-805e-6262-6882-8ec6da550000}3346/bin/dashroot 534500x80000000000000002144967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.612{ec230001-805e-6262-10d0-3a6aab550000}3347/bin/touchroot 154100x80000000000000002144970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.613{ec230001-805e-6262-9867-fd43fc550000}3348/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enmod -m -q env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002144969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.613{ec230001-805e-6262-9857-b4573e560000}3340/usr/bin/perlroot 154100x80000000000000002144971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.636{ec230001-805e-6262-6802-873167550000}3349/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9867-fd43fc550000}3348/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.637{ec230001-805e-6262-6842-65fcc3550000}3350/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6802-873167550000}3349/bin/dashshroot 154100x80000000000000002144972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.637{ec230001-805e-6262-782c-26325a550000}3350/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6802-873167550000}3349/bin/dashshroot 534500x80000000000000002144977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.638{ec230001-805e-6262-6802-873167550000}3349/bin/dashroot 534500x80000000000000002144976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.638{ec230001-805e-6262-782c-26325a550000}3350/usr/bin/envroot 534500x80000000000000002144975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.638{ec230001-805e-6262-78dc-6be020560000}3351/usr/bin/envroot 154100x80000000000000002144974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.638{ec230001-805e-6262-78dc-6be020560000}3351/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-782c-26325a550000}3350/usr/bin/envenvroot 154100x80000000000000002144978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.639{ec230001-805e-6262-68a2-86c27e550000}3352/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "env"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9867-fd43fc550000}3348/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.640{ec230001-805e-6262-9070-044da6550000}3353/usr/bin/find-----find /var/lib/apache2/module -type f -a -name env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68a2-86c27e550000}3352/bin/dashshroot 534500x80000000000000002144981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.641{ec230001-805e-6262-68a2-86c27e550000}3352/bin/dashroot 534500x80000000000000002144980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.641{ec230001-805e-6262-9070-044da6550000}3353/usr/bin/findroot 154100x80000000000000002144983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.642{ec230001-805e-6262-10a0-1d0215560000}3355/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6882-8c28a8550000}3354/bin/dashshroot 154100x80000000000000002144982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.642{ec230001-805e-6262-6882-8c28a8550000}3354/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/env"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9867-fd43fc550000}3348/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.643{ec230001-805e-6262-6882-8c28a8550000}3354/bin/dashroot 534500x80000000000000002144984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.643{ec230001-805e-6262-10a0-1d0215560000}3355/bin/touchroot 154100x80000000000000002144987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.644{ec230001-805e-6262-9877-ceed5f550000}3356/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enmod -m -q mime/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002144986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.644{ec230001-805e-6262-9867-fd43fc550000}3348/usr/bin/perlroot 154100x80000000000000002144988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.671{ec230001-805e-6262-6892-2b031e560000}3357/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9877-ceed5f550000}3356/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.672{ec230001-805e-6262-6832-2aad56550000}3358/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6892-2b031e560000}3357/bin/dashshroot 154100x80000000000000002144989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.672{ec230001-805e-6262-78fc-65be39560000}3358/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6892-2b031e560000}3357/bin/dashshroot 154100x80000000000000002144991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.673{ec230001-805e-6262-784c-5353cb550000}3359/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-78fc-65be39560000}3358/usr/bin/envenvroot 534500x80000000000000002144994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.677{ec230001-805e-6262-6892-2b031e560000}3357/bin/dashroot 534500x80000000000000002144993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.677{ec230001-805e-6262-78fc-65be39560000}3358/usr/bin/envroot 534500x80000000000000002144992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.677{ec230001-805e-6262-784c-5353cb550000}3359/usr/bin/envroot 154100x80000000000000002144995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.679{ec230001-805e-6262-6822-ffdffb550000}3360/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "mime"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9877-ceed5f550000}3356/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002144996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.680{ec230001-805e-6262-90c0-d461f8550000}3361/usr/bin/find-----find /var/lib/apache2/module -type f -a -name mime/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6822-ffdffb550000}3360/bin/dashshroot 154100x80000000000000002144999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.681{ec230001-805e-6262-6822-1f1d9d550000}3362/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/mime"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9877-ceed5f550000}3356/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.681{ec230001-805e-6262-6822-ffdffb550000}3360/bin/dashroot 534500x80000000000000002144997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.681{ec230001-805e-6262-90c0-d461f8550000}3361/usr/bin/findroot 154100x80000000000000002145000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.682{ec230001-805e-6262-10c0-57a50f560000}3363/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/mime/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6822-1f1d9d550000}3362/bin/dashshroot 534500x80000000000000002145002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.683{ec230001-805e-6262-6822-1f1d9d550000}3362/bin/dashroot 534500x80000000000000002145001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.683{ec230001-805e-6262-10c0-57a50f560000}3363/bin/touchroot 154100x80000000000000002145004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.684{ec230001-805e-6262-9817-b20216560000}3364/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enmod -m -q negotiation/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.684{ec230001-805e-6262-9877-ceed5f550000}3356/usr/bin/perlroot 154100x80000000000000002145005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.706{ec230001-805e-6262-6872-62de7b550000}3365/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9817-b20216560000}3364/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.707{ec230001-805e-6262-6832-773b9f550000}3366/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6872-62de7b550000}3365/bin/dashshroot 154100x80000000000000002145006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.707{ec230001-805e-6262-78ac-2860f3550000}3366/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6872-62de7b550000}3365/bin/dashshroot 154100x80000000000000002145008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.708{ec230001-805e-6262-78ac-7acd0f560000}3367/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-78ac-2860f3550000}3366/usr/bin/envenvroot 534500x80000000000000002145010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.709{ec230001-805e-6262-78ac-2860f3550000}3366/usr/bin/envroot 534500x80000000000000002145009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.709{ec230001-805e-6262-78ac-7acd0f560000}3367/usr/bin/envroot 154100x80000000000000002145012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.710{ec230001-805e-6262-6882-622fbe550000}3368/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "negotiation"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9817-b20216560000}3364/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002145011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.710{ec230001-805e-6262-6872-62de7b550000}3365/bin/dashroot 154100x80000000000000002145013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.711{ec230001-805e-6262-9000-8c3a65550000}3369/usr/bin/find-----find /var/lib/apache2/module -type f -a -name negotiation/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6882-622fbe550000}3368/bin/dashshroot 154100x80000000000000002145016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.712{ec230001-805e-6262-6822-0d5a23560000}3370/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/negotiation"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9817-b20216560000}3364/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002145015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.712{ec230001-805e-6262-6882-622fbe550000}3368/bin/dashroot 534500x80000000000000002145014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.712{ec230001-805e-6262-9000-8c3a65550000}3369/usr/bin/findroot 154100x80000000000000002145017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.713{ec230001-805e-6262-10f0-4204b2550000}3371/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/negotiation/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6822-0d5a23560000}3370/bin/dashshroot 534500x80000000000000002145018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.714{ec230001-805e-6262-10f0-4204b2550000}3371/bin/touchroot 534500x80000000000000002145020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.715{ec230001-805e-6262-9817-b20216560000}3364/usr/bin/perlroot 534500x80000000000000002145019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.715{ec230001-805e-6262-6822-0d5a23560000}3370/bin/dashroot 154100x80000000000000002145021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.716{ec230001-805e-6262-9817-98b81a560000}3372/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enmod -m -q setenvif/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002145022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.738{ec230001-805e-6262-68d2-aeb460550000}3373/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9817-98b81a560000}3372/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.739{ec230001-805e-6262-68e2-b11371550000}3374/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68d2-aeb460550000}3373/bin/dashshroot 154100x80000000000000002145023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.739{ec230001-805e-6262-781c-b0dc0a560000}3374/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68d2-aeb460550000}3373/bin/dashshroot 154100x80000000000000002145025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.740{ec230001-805e-6262-788c-07ce9c550000}3375/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-781c-b0dc0a560000}3374/usr/bin/envenvroot 534500x80000000000000002145028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.741{ec230001-805e-6262-68d2-aeb460550000}3373/bin/dashroot 534500x80000000000000002145027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.741{ec230001-805e-6262-781c-b0dc0a560000}3374/usr/bin/envroot 534500x80000000000000002145026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.741{ec230001-805e-6262-788c-07ce9c550000}3375/usr/bin/envroot 154100x80000000000000002145029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.743{ec230001-805e-6262-6852-dfc6aa550000}3376/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "setenvif"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9817-98b81a560000}3372/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.744{ec230001-805e-6262-9070-2743d4550000}3377/usr/bin/find-----find /var/lib/apache2/module -type f -a -name setenvif/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6852-dfc6aa550000}3376/bin/dashshroot 154100x80000000000000002145033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.745{ec230001-805e-6262-6872-b92da9550000}3378/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/setenvif"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9817-98b81a560000}3372/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002145032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.745{ec230001-805e-6262-6852-dfc6aa550000}3376/bin/dashroot 534500x80000000000000002145031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.745{ec230001-805e-6262-9070-2743d4550000}3377/usr/bin/findroot 154100x80000000000000002145034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.746{ec230001-805e-6262-10e0-8080d3550000}3379/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/setenvif/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6872-b92da9550000}3378/bin/dashshroot 534500x80000000000000002145036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.747{ec230001-805e-6262-6872-b92da9550000}3378/bin/dashroot 534500x80000000000000002145035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.747{ec230001-805e-6262-10e0-8080d3550000}3379/bin/touchroot 154100x80000000000000002145038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.748{ec230001-805e-6262-9827-b511f2550000}3380/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enmod -m -q filter/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.748{ec230001-805e-6262-9817-98b81a560000}3372/usr/bin/perlroot 154100x80000000000000002145039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.771{ec230001-805e-6262-6842-b050a3550000}3381/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9827-b511f2550000}3380/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.772{ec230001-805e-6262-68c2-1bc2ea550000}3382/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6842-b050a3550000}3381/bin/dashshroot 154100x80000000000000002145040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.772{ec230001-805e-6262-788c-c00b5f550000}3382/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6842-b050a3550000}3381/bin/dashshroot 534500x80000000000000002145044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.773{ec230001-805e-6262-788c-c00b5f550000}3382/usr/bin/envroot 534500x80000000000000002145043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.773{ec230001-805e-6262-783c-269149560000}3383/usr/bin/envroot 154100x80000000000000002145042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.773{ec230001-805e-6262-783c-269149560000}3383/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-788c-c00b5f550000}3382/usr/bin/envenvroot 154100x80000000000000002145046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.774{ec230001-805e-6262-6812-0a5eea550000}3384/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "filter"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9827-b511f2550000}3380/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002145045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.774{ec230001-805e-6262-6842-b050a3550000}3381/bin/dashroot 154100x80000000000000002145047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.775{ec230001-805e-6262-9090-0ee412560000}3385/usr/bin/find-----find /var/lib/apache2/module -type f -a -name filter/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6812-0a5eea550000}3384/bin/dashshroot 154100x80000000000000002145050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.777{ec230001-805e-6262-6872-4d6cdf550000}3386/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/filter"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9827-b511f2550000}3380/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002145049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.777{ec230001-805e-6262-6812-0a5eea550000}3384/bin/dashroot 534500x80000000000000002145048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.777{ec230001-805e-6262-9090-0ee412560000}3385/usr/bin/findroot 154100x80000000000000002145051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.778{ec230001-805e-6262-1090-b0c7f9550000}3387/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/filter/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6872-4d6cdf550000}3386/bin/dashshroot 534500x80000000000000002145052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.779{ec230001-805e-6262-1090-b0c7f9550000}3387/bin/touchroot 534500x80000000000000002145053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.780{ec230001-805e-6262-6872-4d6cdf550000}3386/bin/dashroot 154100x80000000000000002145055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.781{ec230001-805e-6262-9867-fc9c9c550000}3388/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enmod -m -q deflate/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.781{ec230001-805e-6262-9827-b511f2550000}3380/usr/bin/perlroot 154100x80000000000000002145056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.814{ec230001-805e-6262-6892-6e521b560000}3389/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9867-fc9c9c550000}3388/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.815{ec230001-805e-6262-6822-5f59c7550000}3390/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6892-6e521b560000}3389/bin/dashshroot 154100x80000000000000002145057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.815{ec230001-805e-6262-785c-afac40560000}3390/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6892-6e521b560000}3389/bin/dashshroot 154100x80000000000000002145059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.816{ec230001-805e-6262-780c-26aadb550000}3391/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-785c-afac40560000}3390/usr/bin/envenvroot 534500x80000000000000002145062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.817{ec230001-805e-6262-6892-6e521b560000}3389/bin/dashroot 534500x80000000000000002145061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.817{ec230001-805e-6262-785c-afac40560000}3390/usr/bin/envroot 534500x80000000000000002145060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.817{ec230001-805e-6262-780c-26aadb550000}3391/usr/bin/envroot 154100x80000000000000002145063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.820{ec230001-805e-6262-68b2-9718f7550000}3392/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "deflate"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9867-fc9c9c550000}3388/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.821{ec230001-805e-6262-9090-df0327560000}3393/usr/bin/find-----find /var/lib/apache2/module -type f -a -name deflate/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68b2-9718f7550000}3392/bin/dashshroot 154100x80000000000000002145067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.822{ec230001-805e-6262-68e2-aeaec9550000}3394/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/deflate"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9867-fc9c9c550000}3388/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002145066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.822{ec230001-805e-6262-68b2-9718f7550000}3392/bin/dashroot 534500x80000000000000002145065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.822{ec230001-805e-6262-9090-df0327560000}3393/usr/bin/findroot 154100x80000000000000002145068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.823{ec230001-805e-6262-1080-1dafce550000}3395/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/deflate/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68e2-aeaec9550000}3394/bin/dashshroot 534500x80000000000000002145070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.824{ec230001-805e-6262-68e2-aeaec9550000}3394/bin/dashroot 534500x80000000000000002145069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.824{ec230001-805e-6262-1080-1dafce550000}3395/bin/touchroot 154100x80000000000000002145072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.825{ec230001-805e-6262-9817-1dcb4a560000}3396/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enmod -m -q status/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.825{ec230001-805e-6262-9867-fc9c9c550000}3388/usr/bin/perlroot 154100x80000000000000002145073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.849{ec230001-805e-6262-68a2-6e478e550000}3397/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9817-1dcb4a560000}3396/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.850{ec230001-805e-6262-6862-e503cf550000}3398/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68a2-6e478e550000}3397/bin/dashshroot 154100x80000000000000002145074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.850{ec230001-805e-6262-78dc-d1d7b6550000}3398/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68a2-6e478e550000}3397/bin/dashshroot 534500x80000000000000002145078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.852{ec230001-805e-6262-78dc-d1d7b6550000}3398/usr/bin/envroot 534500x80000000000000002145077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.852{ec230001-805e-6262-785c-dfcd68550000}3399/usr/bin/envroot 154100x80000000000000002145076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.852{ec230001-805e-6262-785c-dfcd68550000}3399/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-78dc-d1d7b6550000}3398/usr/bin/envenvroot 534500x80000000000000002145079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.853{ec230001-805e-6262-68a2-6e478e550000}3397/bin/dashroot 154100x80000000000000002145080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.854{ec230001-805e-6262-68b2-9f4309560000}3400/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "status"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9817-1dcb4a560000}3396/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.855{ec230001-805e-6262-9010-f28306560000}3401/usr/bin/find-----find /var/lib/apache2/module -type f -a -name status/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68b2-9f4309560000}3400/bin/dashshroot 154100x80000000000000002145084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.856{ec230001-805e-6262-68f2-9e029c550000}3402/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/status"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9817-1dcb4a560000}3396/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002145083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.856{ec230001-805e-6262-68b2-9f4309560000}3400/bin/dashroot 534500x80000000000000002145082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.856{ec230001-805e-6262-9010-f28306560000}3401/usr/bin/findroot 534500x80000000000000002145086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.857{ec230001-805e-6262-10f0-0e9d3f560000}3403/bin/touchroot 154100x80000000000000002145085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.857{ec230001-805e-6262-10f0-0e9d3f560000}3403/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/status/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68f2-9e029c550000}3402/bin/dashshroot 534500x80000000000000002145088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.858{ec230001-805e-6262-9817-1dcb4a560000}3396/usr/bin/perlroot 534500x80000000000000002145087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.858{ec230001-805e-6262-68f2-9e029c550000}3402/bin/dashroot 154100x80000000000000002145089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.859{ec230001-805e-6262-9857-930689550000}3404/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enmod -m -q reqtimeout/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002145092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.883{ec230001-805e-6262-6822-a58f9b550000}3406/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6892-91b68f550000}3405/bin/dashshroot 154100x80000000000000002145091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.883{ec230001-805e-6262-78dc-7cac07560000}3406/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6892-91b68f550000}3405/bin/dashshroot 154100x80000000000000002145090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.883{ec230001-805e-6262-6892-91b68f550000}3405/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9857-930689550000}3404/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002145096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.885{ec230001-805e-6262-6892-91b68f550000}3405/bin/dashroot 534500x80000000000000002145095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.885{ec230001-805e-6262-78dc-7cac07560000}3406/usr/bin/envroot 534500x80000000000000002145094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.885{ec230001-805e-6262-78cc-51a3f9550000}3407/usr/bin/envroot 154100x80000000000000002145093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.885{ec230001-805e-6262-78cc-51a3f9550000}3407/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-78dc-7cac07560000}3406/usr/bin/envenvroot 154100x80000000000000002145097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.886{ec230001-805e-6262-68c2-475871550000}3408/bin/dash-----sh -c find "/var/lib/apache2/module" -type f -a -name "reqtimeout"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9857-930689550000}3404/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.887{ec230001-805e-6262-9000-9be38c550000}3409/usr/bin/find-----find /var/lib/apache2/module -type f -a -name reqtimeout/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68c2-475871550000}3408/bin/dashshroot 534500x80000000000000002145099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.888{ec230001-805e-6262-9000-9be38c550000}3409/usr/bin/findroot 154100x80000000000000002145102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.889{ec230001-805e-6262-10c0-77eac6550000}3411/bin/touch-----touch /var/lib/apache2/module/enabled_by_maint/reqtimeout/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6842-3da11e560000}3410/bin/dashshroot 154100x80000000000000002145101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.889{ec230001-805e-6262-6842-3da11e560000}3410/bin/dash-----sh -c touch "/var/lib/apache2/module/enabled_by_maint/reqtimeout"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9857-930689550000}3404/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002145100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.889{ec230001-805e-6262-68c2-475871550000}3408/bin/dashroot 534500x80000000000000002145104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.890{ec230001-805e-6262-6842-3da11e560000}3410/bin/dashroot 534500x80000000000000002145103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.890{ec230001-805e-6262-10c0-77eac6550000}3411/bin/touchroot 154100x80000000000000002145106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.891{ec230001-805e-6262-9867-54ab16560000}3412/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enconf -m -q charset/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.891{ec230001-805e-6262-9857-930689550000}3404/usr/bin/perlroot 154100x80000000000000002145107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.913{ec230001-805e-6262-68c2-b08f6a550000}3413/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9867-54ab16560000}3412/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.914{ec230001-805e-6262-68f2-d976d2550000}3414/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68c2-b08f6a550000}3413/bin/dashshroot 154100x80000000000000002145108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.914{ec230001-805e-6262-78cc-305ee8550000}3414/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68c2-b08f6a550000}3413/bin/dashshroot 154100x80000000000000002145110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.915{ec230001-805e-6262-789c-0bb438560000}3415/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-78cc-305ee8550000}3414/usr/bin/envenvroot 534500x80000000000000002145113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.916{ec230001-805e-6262-68c2-b08f6a550000}3413/bin/dashroot 534500x80000000000000002145112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.916{ec230001-805e-6262-78cc-305ee8550000}3414/usr/bin/envroot 534500x80000000000000002145111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.916{ec230001-805e-6262-789c-0bb438560000}3415/usr/bin/envroot 154100x80000000000000002145114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.917{ec230001-805e-6262-6822-b4dc3c560000}3416/bin/dash-----sh -c find "/var/lib/apache2/conf" -type f -a -name "charset"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9867-54ab16560000}3412/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.918{ec230001-805e-6262-90a0-4adbce550000}3417/usr/bin/find-----find /var/lib/apache2/conf -type f -a -name charset/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6822-b4dc3c560000}3416/bin/dashshroot 154100x80000000000000002145118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.919{ec230001-805e-6262-68a2-537f17560000}3418/bin/dash-----sh -c touch "/var/lib/apache2/conf/enabled_by_maint/charset"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9867-54ab16560000}3412/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002145117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.919{ec230001-805e-6262-6822-b4dc3c560000}3416/bin/dashroot 534500x80000000000000002145116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.919{ec230001-805e-6262-90a0-4adbce550000}3417/usr/bin/findroot 534500x80000000000000002145120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.920{ec230001-805e-6262-10c0-4a2c73550000}3419/bin/touchroot 154100x80000000000000002145119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.920{ec230001-805e-6262-10c0-4a2c73550000}3419/bin/touch-----touch /var/lib/apache2/conf/enabled_by_maint/charset/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68a2-537f17560000}3418/bin/dashshroot 534500x80000000000000002145122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.921{ec230001-805e-6262-9867-54ab16560000}3412/usr/bin/perlroot 534500x80000000000000002145121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.921{ec230001-805e-6262-68a2-537f17560000}3418/bin/dashroot 154100x80000000000000002145123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.922{ec230001-805e-6262-98c7-c4f6d4550000}3420/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enconf -m -q localized-error-pages/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002145124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.946{ec230001-805e-6262-6852-649e4f560000}3421/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98c7-c4f6d4550000}3420/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.947{ec230001-805e-6262-6862-519e3e560000}3422/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6852-649e4f560000}3421/bin/dashshroot 154100x80000000000000002145125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.947{ec230001-805e-6262-78cc-8c8e2a560000}3422/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6852-649e4f560000}3421/bin/dashshroot 534500x80000000000000002145130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.948{ec230001-805e-6262-6852-649e4f560000}3421/bin/dashroot 534500x80000000000000002145129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.948{ec230001-805e-6262-78cc-8c8e2a560000}3422/usr/bin/envroot 534500x80000000000000002145128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.948{ec230001-805e-6262-785c-e5a746560000}3423/usr/bin/envroot 154100x80000000000000002145127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.948{ec230001-805e-6262-785c-e5a746560000}3423/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-78cc-8c8e2a560000}3422/usr/bin/envenvroot 154100x80000000000000002145132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.950{ec230001-805e-6262-9030-0073a6550000}3425/usr/bin/find-----find /var/lib/apache2/conf -type f -a -name localized-error-pages/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6862-d1b694550000}3424/bin/dashshroot 154100x80000000000000002145131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.950{ec230001-805e-6262-6862-d1b694550000}3424/bin/dash-----sh -c find "/var/lib/apache2/conf" -type f -a -name "localized-error-pages"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98c7-c4f6d4550000}3420/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.952{ec230001-805e-6262-6812-23d2c0550000}3426/bin/dash-----sh -c touch "/var/lib/apache2/conf/enabled_by_maint/localized-error-pages"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-98c7-c4f6d4550000}3420/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002145134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.952{ec230001-805e-6262-6862-d1b694550000}3424/bin/dashroot 534500x80000000000000002145133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.952{ec230001-805e-6262-9030-0073a6550000}3425/usr/bin/findroot 534500x80000000000000002145138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.953{ec230001-805e-6262-6812-23d2c0550000}3426/bin/dashroot 534500x80000000000000002145137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.953{ec230001-805e-6262-10c0-f6d1d2550000}3427/bin/touchroot 154100x80000000000000002145136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.953{ec230001-805e-6262-10c0-f6d1d2550000}3427/bin/touch-----touch /var/lib/apache2/conf/enabled_by_maint/localized-error-pages/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6812-23d2c0550000}3426/bin/dashshroot 154100x80000000000000002145140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.954{ec230001-805e-6262-9877-ed557f550000}3428/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enconf -m -q other-vhosts-access-log/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.954{ec230001-805e-6262-98c7-c4f6d4550000}3420/usr/bin/perlroot 154100x80000000000000002145143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.978{ec230001-805e-6262-68a2-d12ee5550000}3430/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68f2-43da74550000}3429/bin/dashshroot 154100x80000000000000002145142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.978{ec230001-805e-6262-78cc-fb7162550000}3430/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68f2-43da74550000}3429/bin/dashshroot 154100x80000000000000002145141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.978{ec230001-805e-6262-68f2-43da74550000}3429/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9877-ed557f550000}3428/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.979{ec230001-805e-6262-780c-698fa3550000}3431/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-78cc-fb7162550000}3430/usr/bin/envenvroot 534500x80000000000000002145147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.980{ec230001-805e-6262-68f2-43da74550000}3429/bin/dashroot 534500x80000000000000002145146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.980{ec230001-805e-6262-78cc-fb7162550000}3430/usr/bin/envroot 534500x80000000000000002145145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.980{ec230001-805e-6262-780c-698fa3550000}3431/usr/bin/envroot 154100x80000000000000002145149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.981{ec230001-805e-6262-90a0-742032560000}3433/usr/bin/find-----find /var/lib/apache2/conf -type f -a -name other-vhosts-access-log/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-68f2-5e0f16560000}3432/bin/dashshroot 154100x80000000000000002145148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.981{ec230001-805e-6262-68f2-5e0f16560000}3432/bin/dash-----sh -c find "/var/lib/apache2/conf" -type f -a -name "other-vhosts-access-log"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9877-ed557f550000}3428/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.983{ec230001-805e-6262-6842-9f2b62550000}3434/bin/dash-----sh -c touch "/var/lib/apache2/conf/enabled_by_maint/other-vhosts-access-log"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9877-ed557f550000}3428/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002145151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.983{ec230001-805e-6262-68f2-5e0f16560000}3432/bin/dashroot 534500x80000000000000002145150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.983{ec230001-805e-6262-90a0-742032560000}3433/usr/bin/findroot 534500x80000000000000002145154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.984{ec230001-805e-6262-1000-8b232a560000}3435/bin/touchroot 154100x80000000000000002145153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.984{ec230001-805e-6262-1000-8b232a560000}3435/bin/touch-----touch /var/lib/apache2/conf/enabled_by_maint/other-vhosts-access-log/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-6842-9f2b62550000}3434/bin/dashshroot 534500x80000000000000002145156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.985{ec230001-805e-6262-9877-ed557f550000}3428/usr/bin/perlroot 534500x80000000000000002145155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.985{ec230001-805e-6262-6842-9f2b62550000}3434/bin/dashroot 154100x80000000000000002145157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:58.986{ec230001-805e-6262-9827-931e5a550000}3436/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enconf -m -q security/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002145160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.009{ec230001-805f-6262-68f2-22025d550000}3438/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-6812-192a29560000}3437/bin/dashshroot 154100x80000000000000002145159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.009{ec230001-805f-6262-789c-c0f93b560000}3438/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-6812-192a29560000}3437/bin/dashshroot 154100x80000000000000002145158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.009{ec230001-805f-6262-6812-192a29560000}3437/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9827-931e5a550000}3436/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002145164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.011{ec230001-805f-6262-6812-192a29560000}3437/bin/dashroot 534500x80000000000000002145163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.011{ec230001-805f-6262-789c-c0f93b560000}3438/usr/bin/envroot 534500x80000000000000002145162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.011{ec230001-805f-6262-782c-94cd69550000}3439/usr/bin/envroot 154100x80000000000000002145161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.011{ec230001-805f-6262-782c-94cd69550000}3439/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-789c-c0f93b560000}3438/usr/bin/envenvroot 154100x80000000000000002145165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.012{ec230001-805f-6262-6852-e073b8550000}3440/bin/dash-----sh -c find "/var/lib/apache2/conf" -type f -a -name "security"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9827-931e5a550000}3436/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.013{ec230001-805f-6262-90e0-17312f560000}3441/usr/bin/find-----find /var/lib/apache2/conf -type f -a -name security/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-6852-e073b8550000}3440/bin/dashshroot 154100x80000000000000002145169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.014{ec230001-805f-6262-6882-ef62e3550000}3442/bin/dash-----sh -c touch "/var/lib/apache2/conf/enabled_by_maint/security"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-9827-931e5a550000}3436/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002145168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.014{ec230001-805f-6262-6852-e073b8550000}3440/bin/dashroot 534500x80000000000000002145167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.014{ec230001-805f-6262-90e0-17312f560000}3441/usr/bin/findroot 154100x80000000000000002145170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.015{ec230001-805f-6262-10b0-54262d560000}3443/bin/touch-----touch /var/lib/apache2/conf/enabled_by_maint/security/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-6882-ef62e3550000}3442/bin/dashshroot 534500x80000000000000002145172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.016{ec230001-805f-6262-6882-ef62e3550000}3442/bin/dashroot 534500x80000000000000002145171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.016{ec230001-805f-6262-10b0-54262d560000}3443/bin/touchroot 154100x80000000000000002145174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.017{ec230001-805f-6262-9897-235077550000}3444/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2enconf -m -q serve-cgi-bin/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.017{ec230001-805e-6262-9827-931e5a550000}3436/usr/bin/perlroot 154100x80000000000000002145175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.038{ec230001-805f-6262-68e2-81606f550000}3445/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-9897-235077550000}3444/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.039{ec230001-805f-6262-68d2-e4f725560000}3446/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-68e2-81606f550000}3445/bin/dashshroot 154100x80000000000000002145176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.039{ec230001-805f-6262-788c-fa938d550000}3446/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-68e2-81606f550000}3445/bin/dashshroot 534500x80000000000000002145180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.041{ec230001-805f-6262-788c-fa938d550000}3446/usr/bin/envroot 534500x80000000000000002145179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.041{ec230001-805f-6262-781c-8a3e0b560000}3447/usr/bin/envroot 154100x80000000000000002145178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.041{ec230001-805f-6262-781c-8a3e0b560000}3447/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-788c-fa938d550000}3446/usr/bin/envenvroot 534500x80000000000000002145181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.042{ec230001-805f-6262-68e2-81606f550000}3445/bin/dashroot 154100x80000000000000002145183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.044{ec230001-805f-6262-9020-2359d7550000}3449/usr/bin/find-----find /var/lib/apache2/conf -type f -a -name serve-cgi-bin/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-68a2-530430560000}3448/bin/dashshroot 154100x80000000000000002145182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.044{ec230001-805f-6262-68a2-530430560000}3448/bin/dash-----sh -c find "/var/lib/apache2/conf" -type f -a -name "serve-cgi-bin"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-9897-235077550000}3444/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.046{ec230001-805f-6262-6802-1cd8df550000}3450/bin/dash-----sh -c touch "/var/lib/apache2/conf/enabled_by_maint/serve-cgi-bin"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-9897-235077550000}3444/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002145185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.046{ec230001-805f-6262-68a2-530430560000}3448/bin/dashroot 534500x80000000000000002145184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.046{ec230001-805f-6262-9020-2359d7550000}3449/usr/bin/findroot 154100x80000000000000002145187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.047{ec230001-805f-6262-10c0-d86577550000}3451/bin/touch-----touch /var/lib/apache2/conf/enabled_by_maint/serve-cgi-bin/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-6802-1cd8df550000}3450/bin/dashshroot 534500x80000000000000002145189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.048{ec230001-805f-6262-6802-1cd8df550000}3450/bin/dashroot 534500x80000000000000002145188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.048{ec230001-805f-6262-10c0-d86577550000}3451/bin/touchroot 534500x80000000000000002145190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.049{ec230001-805f-6262-9897-235077550000}3444/usr/bin/perlroot 154100x80000000000000002145191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.050{ec230001-805f-6262-98c7-443f09560000}3452/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/a2ensite -q 000-default/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002145194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.073{ec230001-805f-6262-6812-fb4691550000}3454/bin/dash-----sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-68e2-80e8a5550000}3453/bin/dashshroot 154100x80000000000000002145193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.073{ec230001-805f-6262-789c-5fca86550000}3454/usr/bin/env-----env - sh -c . /etc/apache2/envvars && env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-68e2-80e8a5550000}3453/bin/dashshroot 154100x80000000000000002145192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.073{ec230001-805f-6262-68e2-80e8a5550000}3453/bin/dash-----sh -c env - sh -c '. /etc/apache2/envvars && env'/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-98c7-443f09560000}3452/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002145198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.075{ec230001-805f-6262-68e2-80e8a5550000}3453/bin/dashroot 534500x80000000000000002145197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.075{ec230001-805f-6262-789c-5fca86550000}3454/usr/bin/envroot 534500x80000000000000002145196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.075{ec230001-805f-6262-78bc-9870ab550000}3455/usr/bin/envroot 154100x80000000000000002145195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.075{ec230001-805f-6262-78bc-9870ab550000}3455/usr/bin/env-----env/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-789c-5fca86550000}3454/usr/bin/envenvroot 154100x80000000000000002145199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.076{ec230001-805f-6262-6822-1742a2550000}3456/bin/dash-----sh -c find "/var/lib/apache2/site" -type f -a -name "000-default"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-98c7-443f09560000}3452/usr/bin/perl/usr/bin/perlroot 154100x80000000000000002145200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.077{ec230001-805f-6262-9060-bdfe5a550000}3457/usr/bin/find-----find /var/lib/apache2/site -type f -a -name 000-default/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-6822-1742a2550000}3456/bin/dashshroot 534500x80000000000000002145202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.078{ec230001-805f-6262-6822-1742a2550000}3456/bin/dashroot 534500x80000000000000002145201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.078{ec230001-805f-6262-9060-bdfe5a550000}3457/usr/bin/findroot 154100x80000000000000002145204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.079{ec230001-805f-6262-1090-03c2d3550000}3459/bin/touch-----touch /var/lib/apache2/site/enabled_by_admin/000-default/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-6892-013419560000}3458/bin/dashshroot 154100x80000000000000002145203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.079{ec230001-805f-6262-6892-013419560000}3458/bin/dash-----sh -c touch "/var/lib/apache2/site/enabled_by_admin/000-default"/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-98c7-443f09560000}3452/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002145206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.080{ec230001-805f-6262-6892-013419560000}3458/bin/dashroot 534500x80000000000000002145205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.080{ec230001-805f-6262-1090-03c2d3550000}3459/bin/touchroot 154100x80000000000000002145208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.081{ec230001-805f-6262-10c0-c4c145560000}3460/bin/touch-----touch /var/log/apache2/error.log /var/log/apache2/access.log/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.081{ec230001-805f-6262-98c7-443f09560000}3452/usr/bin/perlroot 154100x80000000000000002145210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.082{ec230001-805f-6262-6059-cc3c5d550000}3461/bin/chown-----chown root:adm /var/log/apache2/error.log /var/log/apache2/access.log/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.082{ec230001-805f-6262-10c0-c4c145560000}3460/bin/touchroot 154100x80000000000000002145212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.084{ec230001-805f-6262-e021-d2e676550000}3462/bin/chmod-----chmod 0640 /var/log/apache2/error.log /var/log/apache2/access.log/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.084{ec230001-805f-6262-6059-cc3c5d550000}3461/bin/chownroot 154100x80000000000000002145214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.085{ec230001-805f-6262-1040-d5ff03560000}3463/bin/touch-----touch /var/log/apache2/other_vhosts_access.log/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.085{ec230001-805f-6262-e021-d2e676550000}3462/bin/chmodroot 154100x80000000000000002145216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.086{ec230001-805f-6262-60a9-ddf5b8550000}3464/bin/chown-----chown root:adm /var/log/apache2/other_vhosts_access.log/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.086{ec230001-805f-6262-1040-d5ff03560000}3463/bin/touchroot 154100x80000000000000002145218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.088{ec230001-805f-6262-e0f1-4806eb550000}3465/bin/chmod-----chmod 0640 /var/log/apache2/other_vhosts_access.log/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.088{ec230001-805f-6262-60a9-ddf5b8550000}3464/bin/chownroot 154100x80000000000000002145221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.089{ec230001-805f-6262-98b7-ca9e5f550000}3466/usr/bin/perl-----perl /usr/bin/deb-systemd-helper unmask apache2.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002145220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.089{ec230001-805f-6262-782c-f03eb7550000}3466/usr/bin/env-----/usr/bin/env perl /usr/bin/deb-systemd-helper unmask apache2.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.089{ec230001-805f-6262-e0f1-4806eb550000}3465/bin/chmodroot 154100x80000000000000002145224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.129{ec230001-805f-6262-9827-be1757550000}3467/usr/bin/perl-----perl /usr/bin/deb-systemd-helper --quiet was-enabled apache2.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002145223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.129{ec230001-805f-6262-78dc-2833a2550000}3467/usr/bin/env-----/usr/bin/env perl /usr/bin/deb-systemd-helper --quiet was-enabled apache2.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.129{ec230001-805f-6262-782c-f03eb7550000}3466/usr/bin/envroot 154100x80000000000000002145227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.166{ec230001-805f-6262-9837-dae616560000}3468/usr/bin/perl-----perl /usr/bin/deb-systemd-helper enable apache2.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002145226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.166{ec230001-805f-6262-78bc-9a80d1550000}3468/usr/bin/env-----/usr/bin/env perl /usr/bin/deb-systemd-helper enable apache2.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.166{ec230001-805f-6262-78dc-2833a2550000}3467/usr/bin/envroot 154100x80000000000000002145228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.202{ec230001-805f-6262-d0dc-6825ec550000}3469/bin/systemctl-----/bin/systemctl --preset-mode=enable-only preset apache2.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-78bc-9a80d1550000}3468/usr/bin/env/usr/bin/envroot 23542300x80000000000000002145245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.252{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/splunk.service--- 23542300x80000000000000002145244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.252{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/grub-common.service--- 23542300x80000000000000002145243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.252{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/apport.service--- 23542300x80000000000000002145242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.252{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/splunk.service--- 23542300x80000000000000002145241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.252{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/grub-common.service--- 23542300x80000000000000002145240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.252{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/apport.service--- 23542300x80000000000000002145239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.252{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/grub-common.service--- 23542300x80000000000000002145238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.252{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/hibagent.service--- 23542300x80000000000000002145237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.252{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/apport.service--- 23542300x80000000000000002145236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.252{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.early/multi-user.target.wants/cloud-init.target--- 23542300x80000000000000002145235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.252{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/getty.target.wants/serial-getty@ttyS0.service--- 23542300x80000000000000002145234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.252{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/-.mount--- 23542300x80000000000000002145233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.252{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.wants/systemd-fsck-root.service--- 23542300x80000000000000002145232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.252{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.requires/-.mount--- 23542300x80000000000000002145231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.252{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/multi-user.target.wants/systemd-networkd.service--- 23542300x80000000000000002145230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.252{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/network-online.target.wants/systemd-networkd-wait-online.service--- 23542300x80000000000000002145229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.252{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/netplan.stamp--- 23542300x80000000000000002145247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.253{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunkd.service--- 23542300x80000000000000002145246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.253{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunk.service--- 154100x80000000000000002145248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.254{ec230001-805f-6262-3823-b607ef550000}3471/usr/lib/systemd/system-environment-generators/snapd-env-generator-----/usr/lib/systemd/system-environment-generators/snapd-env-generator/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3470--- 534500x80000000000000002145250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.255{00000000-0000-0000-0000-000000000000}3470<unknown process>root 534500x80000000000000002145249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.255{ec230001-805f-6262-3823-b607ef550000}3471/usr/lib/systemd/system-environment-generators/snapd-env-generatorroot 154100x80000000000000002145254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.263{ec230001-805f-6262-9867-9ab9a8550000}3476/lib/netplan/generate-----/lib/systemd/system-generators/netplan /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3472--- 154100x80000000000000002145253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.263{ec230001-805f-6262-304c-1c4c68550000}3475/lib/systemd/system-generators/lvm2-activation-generator-----/lib/systemd/system-generators/lvm2-activation-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3472--- 154100x80000000000000002145252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.263{ec230001-805f-6262-6882-a78b2a560000}3473/bin/dash-----/bin/sh /lib/systemd/system-generators/cloud-init-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3472--- 154100x80000000000000002145251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.263{ec230001-805f-6262-6802-8a0a03560000}3474/bin/dash-----/bin/sh /lib/systemd/system-generators/friendly-recovery /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3472--- 154100x80000000000000002145259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.264{ec230001-805f-6262-b8de-bbdbea550000}3478/lib/systemd/system-generators/systemd-cryptsetup-generator-----/lib/systemd/system-generators/systemd-cryptsetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3472--- 154100x80000000000000002145257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.264{ec230001-805f-6262-68ac-f32121560000}3480/lib/systemd/system-generators/systemd-debug-generator-----/lib/systemd/system-generators/systemd-debug-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3472--- 154100x80000000000000002145256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.264{ec230001-805f-6262-d0a9-4eec03560000}3479/bin/cat-----cat /proc/cmdline/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6802-8a0a03560000}3474/bin/dash/bin/shroot 154100x80000000000000002145255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.264{ec230001-805f-6262-c095-56c2e4550000}3477/lib/systemd/system-generators/snapd-generator-----/lib/systemd/system-generators/snapd-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3472--- 154100x80000000000000002145278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.265{ec230001-805f-6262-f05b-8b47ca550000}3484/lib/systemd/system-generators/systemd-gpt-auto-generator-----/lib/systemd/system-generators/systemd-gpt-auto-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3472--- 154100x80000000000000002145270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.265{ec230001-805f-6262-d06e-97eba9550000}3483/lib/systemd/system-generators/systemd-getty-generator-----/lib/systemd/system-generators/systemd-getty-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3472--- 154100x80000000000000002145263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.265{ec230001-805f-6262-8846-a6289b550000}3481/lib/systemd/system-generators/systemd-fstab-generator-----/lib/systemd/system-generators/systemd-fstab-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3472--- 534500x80000000000000002145262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.265{ec230001-805f-6262-d0a9-4eec03560000}3479/bin/catroot 534500x80000000000000002145261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.265{ec230001-805f-6262-6802-8a0a03560000}3474/bin/dashroot 154100x80000000000000002145260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.265{ec230001-805f-6262-7876-e7c83b560000}3482/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6882-a78b2a560000}3473/bin/dash/bin/shroot 534500x80000000000000002145258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.265{ec230001-805f-6262-c095-56c2e4550000}3477/lib/systemd/system-generators/snapd-generatorroot 154100x80000000000000002145277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.266{ec230001-805f-6262-d8ac-5a0971550000}3488/lib/systemd/system-generators/systemd-sysv-generator-----/lib/systemd/system-generators/systemd-sysv-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3472--- 154100x80000000000000002145276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.266{ec230001-805f-6262-8844-b0ae8c550000}3485/lib/systemd/system-generators/systemd-hibernate-resume-generator-----/lib/systemd/system-generators/systemd-hibernate-resume-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3472--- 154100x80000000000000002145275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.266{ec230001-805f-6262-2005-dcd155550000}3487/lib/systemd/system-generators/systemd-system-update-generator-----/lib/systemd/system-generators/systemd-system-update-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3472--- 154100x80000000000000002145268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.266{ec230001-805f-6262-a052-95dc1e560000}3486/lib/systemd/system-generators/systemd-rc-local-generator-----/lib/systemd/system-generators/systemd-rc-local-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3472--- 154100x80000000000000002145282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.267{ec230001-805f-6262-3813-10eb75550000}3490/bin/udevadm-----/sbin/udevadm control --reload/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-9867-9ab9a8550000}3476/lib/netplan/generate/lib/systemd/system-generators/netplanroot 154100x80000000000000002145271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.267{ec230001-805f-6262-80b4-3ee3da550000}3489/lib/systemd/system-generators/systemd-veritysetup-generator-----/lib/systemd/system-generators/systemd-veritysetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3472--- 23542300x80000000000000002145267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.267{ec230001-805f-6262-9867-9ab9a8550000}3476root/lib/netplan/generate/run/NetworkManager/conf.d/netplan.conf--- 23542300x80000000000000002145266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.267{ec230001-805f-6262-9867-9ab9a8550000}3476root/lib/netplan/generate//run/udev/rules.d/99-netplan-ens5.rules--- 23542300x80000000000000002145265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.267{ec230001-805f-6262-9867-9ab9a8550000}3476root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.network--- 23542300x80000000000000002145264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.267{ec230001-805f-6262-9867-9ab9a8550000}3476root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.link--- 534500x80000000000000002145273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.268{ec230001-805f-6262-68ac-f32121560000}3480/lib/systemd/system-generators/systemd-debug-generatorroot 534500x80000000000000002145272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.268{ec230001-805f-6262-7876-e7c83b560000}3482/usr/bin/systemd-detect-virtroot 534500x80000000000000002145269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.268{ec230001-805f-6262-304c-1c4c68550000}3475/lib/systemd/system-generators/lvm2-activation-generatorroot 154100x80000000000000002145285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.269{ec230001-805f-6262-78b6-2bbed7550000}3491/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6882-a78b2a560000}3473/bin/dash/bin/shroot 534500x80000000000000002145274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.269{ec230001-805f-6262-b8de-bbdbea550000}3478/lib/systemd/system-generators/systemd-cryptsetup-generatorroot 534500x80000000000000002145279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.271{ec230001-805f-6262-d06e-97eba9550000}3483/lib/systemd/system-generators/systemd-getty-generatorroot 534500x80000000000000002145284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.272{ec230001-805f-6262-8846-a6289b550000}3481/lib/systemd/system-generators/systemd-fstab-generatorroot 534500x80000000000000002145283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.272{ec230001-805f-6262-8844-b0ae8c550000}3485/lib/systemd/system-generators/systemd-hibernate-resume-generatorroot 534500x80000000000000002145281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.272{ec230001-805f-6262-2005-dcd155550000}3487/lib/systemd/system-generators/systemd-system-update-generatorroot 534500x80000000000000002145280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.272{ec230001-805f-6262-80b4-3ee3da550000}3489/lib/systemd/system-generators/systemd-veritysetup-generatorroot 154100x80000000000000002145289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.276{ec230001-805f-6262-6862-a1ab32560000}3492/bin/dash-----/bin/sh /usr/lib/cloud-init/ds-identify/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6882-a78b2a560000}3473/bin/dash/bin/shroot 534500x80000000000000002145288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.276{ec230001-805f-6262-3813-10eb75550000}3490/bin/udevadmroot 924900x80000000000000002145287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.276{ec230001-805f-6262-f05b-8b47ca550000}3484/lib/systemd/system-generators/systemd-gpt-auto-generator/dev/nvme0n1root 534500x80000000000000002145286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.276{ec230001-805f-6262-78b6-2bbed7550000}3491/usr/bin/systemd-detect-virtroot 534500x80000000000000002145291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.277{ec230001-805f-6262-9867-9ab9a8550000}3476/lib/netplan/generateroot 534500x80000000000000002145290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.277{ec230001-805f-6262-a052-95dc1e560000}3486/lib/systemd/system-generators/systemd-rc-local-generatorroot 154100x80000000000000002145293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.278{ec230001-805f-6262-785f-1d7487550000}3493/bin/mkdir-----mkdir -p /run/systemd/generator.early/multi-user.target.wants/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6882-a78b2a560000}3473/bin/dash/bin/shroot 534500x80000000000000002145292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.278{ec230001-805f-6262-6862-a1ab32560000}3492/bin/dashroot 534500x80000000000000002145295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.279{ec230001-805f-6262-785f-1d7487550000}3493/bin/mkdirroot 534500x80000000000000002145294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.279{ec230001-805f-6262-f05b-8b47ca550000}3484/lib/systemd/system-generators/systemd-gpt-auto-generatorroot 534500x80000000000000002145297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.280{ec230001-805f-6262-984d-1b0be8550000}3494/bin/lnroot 154100x80000000000000002145296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.280{ec230001-805f-6262-984d-1b0be8550000}3494/bin/ln-----ln -snf /lib/systemd/system/cloud-init.target /run/systemd/generator.early/multi-user.target.wants/cloud-init.target/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6882-a78b2a560000}3473/bin/dash/bin/shroot 534500x80000000000000002145298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.281{ec230001-805f-6262-6882-a78b2a560000}3473/bin/dashroot 534500x80000000000000002145300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.294{ec230001-805d-6262-0000-000000000000}3472-root 534500x80000000000000002145299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.294{ec230001-805f-6262-d8ac-5a0971550000}3488/lib/systemd/system-generators/systemd-sysv-generatorroot 534500x80000000000000002145301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.379{ec230001-805f-6262-d0dc-6825ec550000}3469/bin/systemctlroot 534500x80000000000000002145302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.381{ec230001-805f-6262-78bc-9a80d1550000}3468/usr/bin/envroot 154100x80000000000000002145304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.382{ec230001-805f-6262-9837-e4508e550000}3495/usr/bin/perl-----perl /usr/bin/deb-systemd-helper unmask apache-htcacheclean.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002145303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.382{ec230001-805f-6262-788c-dfa3cd550000}3495/usr/bin/env-----/usr/bin/env perl /usr/bin/deb-systemd-helper unmask apache-htcacheclean.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002145307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.419{ec230001-805f-6262-9847-d9736a550000}3496/usr/bin/perl-----perl /usr/bin/deb-systemd-helper --quiet was-enabled apache-htcacheclean.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002145306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.419{ec230001-805f-6262-782c-5b77fb550000}3496/usr/bin/env-----/usr/bin/env perl /usr/bin/deb-systemd-helper --quiet was-enabled apache-htcacheclean.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.419{ec230001-805f-6262-788c-dfa3cd550000}3495/usr/bin/envroot 534500x80000000000000002145308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.459{ec230001-805f-6262-782c-5b77fb550000}3496/usr/bin/envroot 154100x80000000000000002145310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.460{ec230001-805f-6262-9887-f83592550000}3497/usr/bin/perl-----perl /usr/bin/deb-systemd-helper enable apache-htcacheclean.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002145309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.460{ec230001-805f-6262-788c-d2e9df550000}3497/usr/bin/env-----/usr/bin/env perl /usr/bin/deb-systemd-helper enable apache-htcacheclean.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002145311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.498{ec230001-805f-6262-d0ec-c944e3550000}3498/bin/systemctl-----/bin/systemctl --preset-mode=enable-only preset apache-htcacheclean.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-788c-d2e9df550000}3497/usr/bin/env/usr/bin/envroot 23542300x80000000000000002145315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.560{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.requires/-.mount--- 23542300x80000000000000002145314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.560{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/multi-user.target.wants/systemd-networkd.service--- 23542300x80000000000000002145313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.560{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/network-online.target.wants/systemd-networkd-wait-online.service--- 23542300x80000000000000002145312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.560{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/netplan.stamp--- 23542300x80000000000000002145330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.561{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunkd.service--- 23542300x80000000000000002145329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.561{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/hibagent.service--- 23542300x80000000000000002145328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.561{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunk.service--- 23542300x80000000000000002145327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.561{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/splunk.service--- 23542300x80000000000000002145326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.561{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/apport.service--- 23542300x80000000000000002145325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.561{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/grub-common.service--- 23542300x80000000000000002145324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.561{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/splunk.service--- 23542300x80000000000000002145323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.561{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/apport.service--- 23542300x80000000000000002145322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.561{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/grub-common.service--- 23542300x80000000000000002145321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.561{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/apport.service--- 23542300x80000000000000002145320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.561{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/grub-common.service--- 23542300x80000000000000002145319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.561{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.early/multi-user.target.wants/cloud-init.target--- 23542300x80000000000000002145318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.561{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/getty.target.wants/serial-getty@ttyS0.service--- 23542300x80000000000000002145317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.561{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/-.mount--- 23542300x80000000000000002145316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.561{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.wants/systemd-fsck-root.service--- 154100x80000000000000002145331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.562{ec230001-805f-6262-3863-efd005560000}3500/usr/lib/systemd/system-environment-generators/snapd-env-generator-----/usr/lib/systemd/system-environment-generators/snapd-env-generator/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3499--- 534500x80000000000000002145333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.563{00000000-0000-0000-0000-000000000000}3499<unknown process>root 534500x80000000000000002145332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.563{ec230001-805f-6262-3863-efd005560000}3500/usr/lib/systemd/system-environment-generators/snapd-env-generatorroot 154100x80000000000000002145336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.565{ec230001-805f-6262-306c-b0f5fb550000}3504/lib/systemd/system-generators/lvm2-activation-generator-----/lib/systemd/system-generators/lvm2-activation-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3501--- 154100x80000000000000002145335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.565{ec230001-805f-6262-6872-96e193550000}3503/bin/dash-----/bin/sh /lib/systemd/system-generators/friendly-recovery /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3501--- 154100x80000000000000002145334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.565{ec230001-805f-6262-6852-478257550000}3502/bin/dash-----/bin/sh /lib/systemd/system-generators/cloud-init-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3501--- 154100x80000000000000002145346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.566{ec230001-805f-6262-68ec-146c28560000}3510/lib/systemd/system-generators/systemd-debug-generator-----/lib/systemd/system-generators/systemd-debug-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3501--- 154100x80000000000000002145345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.566{ec230001-805f-6262-b8de-1414b3550000}3509/lib/systemd/system-generators/systemd-cryptsetup-generator-----/lib/systemd/system-generators/systemd-cryptsetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3501--- 154100x80000000000000002145343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.566{ec230001-805f-6262-c035-bb3af9550000}3507/lib/systemd/system-generators/snapd-generator-----/lib/systemd/system-generators/snapd-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3501--- 154100x80000000000000002145339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.566{ec230001-805f-6262-78a6-e5c24f560000}3508/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6852-478257550000}3502/bin/dash/bin/shroot 154100x80000000000000002145338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.566{ec230001-805f-6262-9857-95de9d550000}3505/lib/netplan/generate-----/lib/systemd/system-generators/netplan /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3501--- 154100x80000000000000002145337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.566{ec230001-805f-6262-d0f9-6d35bc550000}3506/bin/cat-----cat /proc/cmdline/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6872-96e193550000}3503/bin/dash/bin/shroot 154100x80000000000000002145369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.567{ec230001-805f-6262-d04e-a1c632560000}3512/lib/systemd/system-generators/systemd-getty-generator-----/lib/systemd/system-generators/systemd-getty-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3501--- 154100x80000000000000002145361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.567{ec230001-805f-6262-88e4-f044fd550000}3514/lib/systemd/system-generators/systemd-hibernate-resume-generator-----/lib/systemd/system-generators/systemd-hibernate-resume-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3501--- 154100x80000000000000002145347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.567{ec230001-805f-6262-f0db-0c0459550000}3513/lib/systemd/system-generators/systemd-gpt-auto-generator-----/lib/systemd/system-generators/systemd-gpt-auto-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3501--- 534500x80000000000000002145344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.567{ec230001-805f-6262-c035-bb3af9550000}3507/lib/systemd/system-generators/snapd-generatorroot 534500x80000000000000002145342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.567{ec230001-805f-6262-6872-96e193550000}3503/bin/dashroot 154100x80000000000000002145341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.567{ec230001-805f-6262-88d6-bcd741560000}3511/lib/systemd/system-generators/systemd-fstab-generator-----/lib/systemd/system-generators/systemd-fstab-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3501--- 534500x80000000000000002145340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.567{ec230001-805f-6262-d0f9-6d35bc550000}3506/bin/catroot 154100x80000000000000002145357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.568{ec230001-805f-6262-a062-ebd39a550000}3515/lib/systemd/system-generators/systemd-rc-local-generator-----/lib/systemd/system-generators/systemd-rc-local-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3501--- 154100x80000000000000002145355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.568{ec230001-805f-6262-d8fc-9c8cc7550000}3517/lib/systemd/system-generators/systemd-sysv-generator-----/lib/systemd/system-generators/systemd-sysv-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3501--- 154100x80000000000000002145353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.568{ec230001-805f-6262-2005-d37e9a550000}3516/lib/systemd/system-generators/systemd-system-update-generator-----/lib/systemd/system-generators/systemd-system-update-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3501--- 154100x80000000000000002145360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.569{ec230001-805f-6262-80c4-c12054560000}3518/lib/systemd/system-generators/systemd-veritysetup-generator-----/lib/systemd/system-generators/systemd-veritysetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3501--- 534500x80000000000000002145352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.569{ec230001-805f-6262-306c-b0f5fb550000}3504/lib/systemd/system-generators/lvm2-activation-generatorroot 23542300x80000000000000002145351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.569{ec230001-805f-6262-9857-95de9d550000}3505root/lib/netplan/generate/run/NetworkManager/conf.d/netplan.conf--- 23542300x80000000000000002145350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.569{ec230001-805f-6262-9857-95de9d550000}3505root/lib/netplan/generate//run/udev/rules.d/99-netplan-ens5.rules--- 23542300x80000000000000002145349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.569{ec230001-805f-6262-9857-95de9d550000}3505root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.network--- 23542300x80000000000000002145348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.569{ec230001-805f-6262-9857-95de9d550000}3505root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.link--- 154100x80000000000000002145356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.570{ec230001-805f-6262-3893-49fa56550000}3519/bin/udevadm-----/sbin/udevadm control --reload/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-9857-95de9d550000}3505/lib/netplan/generate/lib/systemd/system-generators/netplanroot 534500x80000000000000002145354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.570{ec230001-805f-6262-78a6-e5c24f560000}3508/usr/bin/systemd-detect-virtroot 534500x80000000000000002145359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.571{ec230001-805f-6262-88d6-bcd741560000}3511/lib/systemd/system-generators/systemd-fstab-generatorroot 534500x80000000000000002145358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.571{ec230001-805f-6262-68ec-146c28560000}3510/lib/systemd/system-generators/systemd-debug-generatorroot 154100x80000000000000002145370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.572{ec230001-805f-6262-78b6-dc29dd550000}3520/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6852-478257550000}3502/bin/dash/bin/shroot 534500x80000000000000002145362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.573{ec230001-805f-6262-2005-d37e9a550000}3516/lib/systemd/system-generators/systemd-system-update-generatorroot 534500x80000000000000002145363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.574{ec230001-805f-6262-a062-ebd39a550000}3515/lib/systemd/system-generators/systemd-rc-local-generatorroot 534500x80000000000000002145368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.575{ec230001-805f-6262-88e4-f044fd550000}3514/lib/systemd/system-generators/systemd-hibernate-resume-generatorroot 924900x80000000000000002145367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.575{ec230001-805f-6262-f0db-0c0459550000}3513/lib/systemd/system-generators/systemd-gpt-auto-generator/dev/nvme0n1root 534500x80000000000000002145366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.575{ec230001-805f-6262-3893-49fa56550000}3519/bin/udevadmroot 534500x80000000000000002145365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.575{ec230001-805f-6262-80c4-c12054560000}3518/lib/systemd/system-generators/systemd-veritysetup-generatorroot 534500x80000000000000002145364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.575{ec230001-805f-6262-b8de-1414b3550000}3509/lib/systemd/system-generators/systemd-cryptsetup-generatorroot 534500x80000000000000002145371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.576{ec230001-805f-6262-9857-95de9d550000}3505/lib/netplan/generateroot 534500x80000000000000002145372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.577{ec230001-805f-6262-f0db-0c0459550000}3513/lib/systemd/system-generators/systemd-gpt-auto-generatorroot 534500x80000000000000002145373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.578{ec230001-805f-6262-78b6-dc29dd550000}3520/usr/bin/systemd-detect-virtroot 154100x80000000000000002145375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.579{ec230001-805f-6262-68e2-ceb0e7550000}3521/bin/dash-----/bin/sh /usr/lib/cloud-init/ds-identify/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6852-478257550000}3502/bin/dash/bin/shroot 534500x80000000000000002145374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.579{ec230001-805f-6262-d04e-a1c632560000}3512/lib/systemd/system-generators/systemd-getty-generatorroot 154100x80000000000000002145377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.581{ec230001-805f-6262-780f-21e10d560000}3522/bin/mkdir-----mkdir -p /run/systemd/generator.early/multi-user.target.wants/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6852-478257550000}3502/bin/dash/bin/shroot 534500x80000000000000002145376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.581{ec230001-805f-6262-68e2-ceb0e7550000}3521/bin/dashroot 154100x80000000000000002145379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.582{ec230001-805f-6262-982d-675f9a550000}3523/bin/ln-----ln -snf /lib/systemd/system/cloud-init.target /run/systemd/generator.early/multi-user.target.wants/cloud-init.target/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6852-478257550000}3502/bin/dash/bin/shroot 534500x80000000000000002145378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.582{ec230001-805f-6262-780f-21e10d560000}3522/bin/mkdirroot 534500x80000000000000002145381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.583{ec230001-805f-6262-6852-478257550000}3502/bin/dashroot 534500x80000000000000002145380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.583{ec230001-805f-6262-982d-675f9a550000}3523/bin/lnroot 534500x80000000000000002145383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.592{ec230001-805d-6262-0000-000000000000}3501-root 534500x80000000000000002145382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.592{ec230001-805f-6262-d8fc-9c8cc7550000}3517/lib/systemd/system-generators/systemd-sysv-generatorroot 534500x80000000000000002145384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.674{ec230001-805f-6262-d0ec-c944e3550000}3498/bin/systemctlroot 534500x80000000000000002145385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.675{ec230001-805f-6262-788c-d2e9df550000}3497/usr/bin/envroot 154100x80000000000000002145386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.676{ec230001-805f-6262-6802-82be02560000}3524/bin/dash-----/bin/sh /usr/bin/dpkg-maintscript-helper rm_conffile /etc/bash_completion.d/apache2 2.4.12-3~ -- configure /root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002145387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.677{ec230001-805f-6262-e8ab-5ac96b550000}3525/usr/bin/basename-----basename /usr/bin/dpkg-maintscript-helper/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-6802-82be02560000}3524/bin/dash/bin/shroot 154100x80000000000000002145389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.678{ec230001-805f-6262-7021-0799c8550000}3526/usr/bin/dpkg-----dpkg --validate-version -- 2.4.12-3~/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-6802-82be02560000}3524/bin/dash/bin/shroot 534500x80000000000000002145388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.678{ec230001-805f-6262-e8ab-5ac96b550000}3525/usr/bin/basenameroot 154100x80000000000000002145392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.680{ec230001-805f-6262-6832-694083550000}3527/bin/dash-----/bin/sh /usr/bin/dpkg-maintscript-helper mv_conffile /etc/default/apache2 /etc/default/apache-htcacheclean 2.4.18-2~ -- configure /root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.680{ec230001-805f-6262-6802-82be02560000}3524/bin/dashroot 534500x80000000000000002145390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.680{ec230001-805f-6262-7021-0799c8550000}3526/usr/bin/dpkgroot 154100x80000000000000002145393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.681{ec230001-805f-6262-e86b-98d0b2550000}3528/usr/bin/basename-----basename /usr/bin/dpkg-maintscript-helper/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-6832-694083550000}3527/bin/dash/bin/shroot 534500x80000000000000002145394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.682{ec230001-805f-6262-e86b-98d0b2550000}3528/usr/bin/basenameroot 154100x80000000000000002145395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.683{ec230001-805f-6262-7031-521e4a560000}3529/usr/bin/dpkg-----dpkg --validate-version -- 2.4.18-2~/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-6832-694083550000}3527/bin/dash/bin/shroot 154100x80000000000000002145398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.685{ec230001-805f-6262-9897-4f6ad5550000}3530/usr/bin/perl-----/usr/bin/perl /usr/sbin/update-rc.d apache2 defaults/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.685{ec230001-805f-6262-6832-694083550000}3527/bin/dashroot 534500x80000000000000002145396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.685{ec230001-805f-6262-7031-521e4a560000}3529/usr/bin/dpkgroot 154100x80000000000000002145399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.694{ec230001-805f-6262-d00c-0160ed550000}3531/bin/systemctl-----systemctl daemon-reload/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-9897-4f6ad5550000}3530/usr/bin/perl/usr/bin/perlroot 23542300x80000000000000002145400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.752{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/getty.target.wants/serial-getty@ttyS0.service--- 23542300x80000000000000002145404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.753{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.requires/-.mount--- 23542300x80000000000000002145403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.753{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/multi-user.target.wants/systemd-networkd.service--- 23542300x80000000000000002145402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.753{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/network-online.target.wants/systemd-networkd-wait-online.service--- 23542300x80000000000000002145401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.753{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/netplan.stamp--- 23542300x80000000000000002145408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.754{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/hibagent.service--- 23542300x80000000000000002145407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.754{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.early/multi-user.target.wants/cloud-init.target--- 23542300x80000000000000002145406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.754{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/-.mount--- 23542300x80000000000000002145405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.754{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.wants/systemd-fsck-root.service--- 23542300x80000000000000002145413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.755{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/grub-common.service--- 23542300x80000000000000002145412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.755{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/apport.service--- 23542300x80000000000000002145411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.755{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/splunk.service--- 23542300x80000000000000002145410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.755{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/apport.service--- 23542300x80000000000000002145409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.755{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunk.service--- 23542300x80000000000000002145418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.756{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunkd.service--- 23542300x80000000000000002145417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.756{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/grub-common.service--- 23542300x80000000000000002145416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.756{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/grub-common.service--- 23542300x80000000000000002145415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.756{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/apport.service--- 23542300x80000000000000002145414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.756{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/splunk.service--- 154100x80000000000000002145419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.758{ec230001-805f-6262-3873-a3f157550000}3533/usr/lib/systemd/system-environment-generators/snapd-env-generator-----/usr/lib/systemd/system-environment-generators/snapd-env-generator/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3532--- 534500x80000000000000002145421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.759{ec230001-805d-6262-0000-000000000000}3532-root 534500x80000000000000002145420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.759{ec230001-805f-6262-3873-a3f157550000}3533/usr/lib/systemd/system-environment-generators/snapd-env-generatorroot 154100x80000000000000002145423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.760{ec230001-805f-6262-68f2-461e77550000}3536/bin/dash-----/bin/sh /lib/systemd/system-generators/friendly-recovery /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3534--- 154100x80000000000000002145422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.760{ec230001-805f-6262-6872-8c6eae550000}3535/bin/dash-----/bin/sh /lib/systemd/system-generators/cloud-init-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3534--- 154100x80000000000000002145441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.761{ec230001-805f-6262-d059-7cc4c8550000}3539/bin/cat-----cat /proc/cmdline/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-68f2-461e77550000}3536/bin/dash/bin/shroot 154100x80000000000000002145429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.761{ec230001-805f-6262-c0a5-d81142560000}3541/lib/systemd/system-generators/snapd-generator-----/lib/systemd/system-generators/snapd-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3534--- 154100x80000000000000002145426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.761{ec230001-805f-6262-9827-8121e3550000}3538/lib/netplan/generate-----/lib/systemd/system-generators/netplan /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3534--- 154100x80000000000000002145425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.761{ec230001-805f-6262-78b6-955c1b560000}3540/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6872-8c6eae550000}3535/bin/dash/bin/shroot 154100x80000000000000002145424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.761{ec230001-805f-6262-307c-d6b4df550000}3537/lib/systemd/system-generators/lvm2-activation-generator-----/lib/systemd/system-generators/lvm2-activation-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3534--- 154100x80000000000000002145440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.762{ec230001-805f-6262-8806-7169b3550000}3544/lib/systemd/system-generators/systemd-fstab-generator-----/lib/systemd/system-generators/systemd-fstab-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3534--- 154100x80000000000000002145428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.762{ec230001-805f-6262-685c-13af7f550000}3543/lib/systemd/system-generators/systemd-debug-generator-----/lib/systemd/system-generators/systemd-debug-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3534--- 154100x80000000000000002145427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.762{ec230001-805f-6262-b83e-ed65e4550000}3542/lib/systemd/system-generators/systemd-cryptsetup-generator-----/lib/systemd/system-generators/systemd-cryptsetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3534--- 154100x80000000000000002145455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.763{ec230001-805f-6262-8834-345fe5550000}3547/lib/systemd/system-generators/systemd-hibernate-resume-generator-----/lib/systemd/system-generators/systemd-hibernate-resume-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3534--- 154100x80000000000000002145436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.763{ec230001-805f-6262-f04b-a1f913560000}3546/lib/systemd/system-generators/systemd-gpt-auto-generator-----/lib/systemd/system-generators/systemd-gpt-auto-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3534--- 154100x80000000000000002145430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.763{ec230001-805f-6262-d08e-ca87cd550000}3545/lib/systemd/system-generators/systemd-getty-generator-----/lib/systemd/system-generators/systemd-getty-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3534--- 154100x80000000000000002145450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.764{ec230001-805f-6262-2085-844cbc550000}3549/lib/systemd/system-generators/systemd-system-update-generator-----/lib/systemd/system-generators/systemd-system-update-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3534--- 154100x80000000000000002145448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.764{ec230001-805f-6262-d8dc-b8e7d1550000}3550/lib/systemd/system-generators/systemd-sysv-generator-----/lib/systemd/system-generators/systemd-sysv-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3534--- 154100x80000000000000002145443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.764{ec230001-805f-6262-a0b2-bce13a560000}3548/lib/systemd/system-generators/systemd-rc-local-generator-----/lib/systemd/system-generators/systemd-rc-local-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3534--- 534500x80000000000000002145435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.764{ec230001-805f-6262-78b6-955c1b560000}3540/usr/bin/systemd-detect-virtroot 23542300x80000000000000002145434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.764{ec230001-805f-6262-9827-8121e3550000}3538root/lib/netplan/generate/run/NetworkManager/conf.d/netplan.conf--- 23542300x80000000000000002145433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.764{ec230001-805f-6262-9827-8121e3550000}3538root/lib/netplan/generate//run/udev/rules.d/99-netplan-ens5.rules--- 23542300x80000000000000002145432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.764{ec230001-805f-6262-9827-8121e3550000}3538root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.network--- 23542300x80000000000000002145431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.764{ec230001-805f-6262-9827-8121e3550000}3538root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.link--- 154100x80000000000000002145459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.765{ec230001-805f-6262-8074-642da8550000}3551/lib/systemd/system-generators/systemd-veritysetup-generator-----/lib/systemd/system-generators/systemd-veritysetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3534--- 154100x80000000000000002145446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.765{ec230001-805f-6262-38b3-c0441c560000}3552/bin/udevadm-----/sbin/udevadm control --reload/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-9827-8121e3550000}3538/lib/netplan/generate/lib/systemd/system-generators/netplanroot 534500x80000000000000002145439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.765{ec230001-805f-6262-307c-d6b4df550000}3537/lib/systemd/system-generators/lvm2-activation-generatorroot 154100x80000000000000002145438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.765{ec230001-805f-6262-7886-554734560000}3553/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6872-8c6eae550000}3535/bin/dash/bin/shroot 534500x80000000000000002145437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.765{ec230001-805f-6262-c0a5-d81142560000}3541/lib/systemd/system-generators/snapd-generatorroot 534500x80000000000000002145445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.766{ec230001-805f-6262-68f2-461e77550000}3536/bin/dashroot 534500x80000000000000002145444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.766{ec230001-805f-6262-b83e-ed65e4550000}3542/lib/systemd/system-generators/systemd-cryptsetup-generatorroot 534500x80000000000000002145442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.766{ec230001-805f-6262-d059-7cc4c8550000}3539/bin/catroot 534500x80000000000000002145449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.767{ec230001-805f-6262-d08e-ca87cd550000}3545/lib/systemd/system-generators/systemd-getty-generatorroot 534500x80000000000000002145447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.768{ec230001-805f-6262-38b3-c0441c560000}3552/bin/udevadmroot 154100x80000000000000002145457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.769{ec230001-805f-6262-6822-ec6f3f560000}3554/bin/dash-----/bin/sh /usr/lib/cloud-init/ds-identify/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6872-8c6eae550000}3535/bin/dash/bin/shroot 534500x80000000000000002145456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.769{ec230001-805f-6262-8806-7169b3550000}3544/lib/systemd/system-generators/systemd-fstab-generatorroot 534500x80000000000000002145454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.769{ec230001-805f-6262-685c-13af7f550000}3543/lib/systemd/system-generators/systemd-debug-generatorroot 534500x80000000000000002145453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.769{ec230001-805f-6262-7886-554734560000}3553/usr/bin/systemd-detect-virtroot 924900x80000000000000002145452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.769{ec230001-805f-6262-f04b-a1f913560000}3546/lib/systemd/system-generators/systemd-gpt-auto-generator/dev/nvme0n1root 534500x80000000000000002145451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.769{ec230001-805f-6262-9827-8121e3550000}3538/lib/netplan/generateroot 534500x80000000000000002145460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.770{ec230001-805f-6262-a0b2-bce13a560000}3548/lib/systemd/system-generators/systemd-rc-local-generatorroot 534500x80000000000000002145458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.770{ec230001-805f-6262-f04b-a1f913560000}3546/lib/systemd/system-generators/systemd-gpt-auto-generatorroot 154100x80000000000000002145464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.772{ec230001-805f-6262-78ef-6169e3550000}3555/bin/mkdir-----mkdir -p /run/systemd/generator.early/multi-user.target.wants/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6872-8c6eae550000}3535/bin/dash/bin/shroot 534500x80000000000000002145463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.772{ec230001-805f-6262-2085-844cbc550000}3549/lib/systemd/system-generators/systemd-system-update-generatorroot 534500x80000000000000002145462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.772{ec230001-805f-6262-6822-ec6f3f560000}3554/bin/dashroot 534500x80000000000000002145461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.772{ec230001-805f-6262-8834-345fe5550000}3547/lib/systemd/system-generators/systemd-hibernate-resume-generatorroot 534500x80000000000000002145465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.773{ec230001-805f-6262-8074-642da8550000}3551/lib/systemd/system-generators/systemd-veritysetup-generatorroot 154100x80000000000000002145467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.774{ec230001-805f-6262-98ad-3f4c32560000}3556/bin/ln-----ln -snf /lib/systemd/system/cloud-init.target /run/systemd/generator.early/multi-user.target.wants/cloud-init.target/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6872-8c6eae550000}3535/bin/dash/bin/shroot 534500x80000000000000002145466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.774{ec230001-805f-6262-78ef-6169e3550000}3555/bin/mkdirroot 534500x80000000000000002145469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.775{ec230001-805f-6262-6872-8c6eae550000}3535/bin/dashroot 534500x80000000000000002145468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.775{ec230001-805f-6262-98ad-3f4c32560000}3556/bin/lnroot 534500x80000000000000002145471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.790{ec230001-805d-6262-0000-000000000000}3534-root 534500x80000000000000002145470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.790{ec230001-805f-6262-d8dc-b8e7d1550000}3550/lib/systemd/system-generators/systemd-sysv-generatorroot 534500x80000000000000002145473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.874{ec230001-805f-6262-9897-4f6ad5550000}3530/usr/bin/perlroot 534500x80000000000000002145472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.874{ec230001-805f-6262-d00c-0160ed550000}3531/bin/systemctlroot 154100x80000000000000002145474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.875{ec230001-805f-6262-68f2-089e5d550000}3557/bin/dash-----/bin/sh /usr/sbin/invoke-rc.d apache2 start/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002145475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.876{ec230001-805f-6262-d06c-5316f1550000}3558/bin/systemctl-----/sbin/runlevel/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-68f2-089e5d550000}3557/bin/dash/bin/shroot 154100x80000000000000002145477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.879{ec230001-805f-6262-d03c-0bfa64550000}3559/bin/systemctl-----systemctl --quiet is-enabled apache2.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-68f2-089e5d550000}3557/bin/dash/bin/shroot 534500x80000000000000002145476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.879{ec230001-805f-6262-d06c-5316f1550000}3558/bin/systemctlroot 154100x80000000000000002145479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.885{ec230001-805f-6262-d04c-e4075b550000}3560/bin/systemctl-----systemctl daemon-reload/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-68f2-089e5d550000}3557/bin/dash/bin/shroot 534500x80000000000000002145478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.885{ec230001-805f-6262-d03c-0bfa64550000}3559/bin/systemctlroot 23542300x80000000000000002145498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunkd.service--- 23542300x80000000000000002145497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/apport.service--- 23542300x80000000000000002145496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/apport.service--- 23542300x80000000000000002145495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/grub-common.service--- 23542300x80000000000000002145494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/splunk.service--- 23542300x80000000000000002145493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/apport.service--- 23542300x80000000000000002145492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/grub-common.service--- 23542300x80000000000000002145491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/splunk.service--- 23542300x80000000000000002145490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/hibagent.service--- 23542300x80000000000000002145489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/grub-common.service--- 23542300x80000000000000002145488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunk.service--- 23542300x80000000000000002145487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.early/multi-user.target.wants/cloud-init.target--- 23542300x80000000000000002145486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/getty.target.wants/serial-getty@ttyS0.service--- 23542300x80000000000000002145485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/multi-user.target.wants/systemd-networkd.service--- 23542300x80000000000000002145484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/-.mount--- 23542300x80000000000000002145483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.wants/systemd-fsck-root.service--- 23542300x80000000000000002145482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.requires/-.mount--- 23542300x80000000000000002145481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/network-online.target.wants/systemd-networkd-wait-online.service--- 23542300x80000000000000002145480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.933{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/netplan.stamp--- 154100x80000000000000002145499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.934{ec230001-805f-6262-38c3-733c92550000}3562/usr/lib/systemd/system-environment-generators/snapd-env-generator-----/usr/lib/systemd/system-environment-generators/snapd-env-generator/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3561--- 534500x80000000000000002145502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.935{00000000-0000-0000-0000-000000000000}3561<unknown process>root 534500x80000000000000002145500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.935{ec230001-805f-6262-38c3-733c92550000}3562/usr/lib/systemd/system-environment-generators/snapd-env-generatorroot 154100x80000000000000002145506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.937{ec230001-805f-6262-9897-f1f5d0550000}3567/lib/netplan/generate-----/lib/systemd/system-generators/netplan /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3563--- 154100x80000000000000002145504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.937{ec230001-805f-6262-308c-3b3f16560000}3566/lib/systemd/system-generators/lvm2-activation-generator-----/lib/systemd/system-generators/lvm2-activation-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3563--- 154100x80000000000000002145503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.937{ec230001-805f-6262-6892-60b875550000}3565/bin/dash-----/bin/sh /lib/systemd/system-generators/friendly-recovery /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3563--- 154100x80000000000000002145501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.937{ec230001-805f-6262-6852-cfb2ae550000}3564/bin/dash-----/bin/sh /lib/systemd/system-generators/cloud-init-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3563--- 154100x80000000000000002145510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.938{ec230001-805f-6262-7846-608a3e560000}3570/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6852-cfb2ae550000}3564/bin/dash/bin/shroot 154100x80000000000000002145509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.938{ec230001-805f-6262-b81e-c0fe91550000}3571/lib/systemd/system-generators/systemd-cryptsetup-generator-----/lib/systemd/system-generators/systemd-cryptsetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3563--- 154100x80000000000000002145507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.938{ec230001-805f-6262-c0d5-7fc49b550000}3568/lib/systemd/system-generators/snapd-generator-----/lib/systemd/system-generators/snapd-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3563--- 154100x80000000000000002145505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.938{ec230001-805f-6262-d029-0b18e6550000}3569/bin/cat-----cat /proc/cmdline/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6892-60b875550000}3565/bin/dash/bin/shroot 154100x80000000000000002145527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.939{ec230001-805f-6262-d05e-96fa38560000}3574/lib/systemd/system-generators/systemd-getty-generator-----/lib/systemd/system-generators/systemd-getty-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3563--- 154100x80000000000000002145514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.939{ec230001-805f-6262-684c-419b63550000}3572/lib/systemd/system-generators/systemd-debug-generator-----/lib/systemd/system-generators/systemd-debug-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3563--- 154100x80000000000000002145513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.939{ec230001-805f-6262-8866-6f17a4550000}3573/lib/systemd/system-generators/systemd-fstab-generator-----/lib/systemd/system-generators/systemd-fstab-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3563--- 534500x80000000000000002145512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.939{ec230001-805f-6262-6892-60b875550000}3565/bin/dashroot 534500x80000000000000002145511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.939{ec230001-805f-6262-d029-0b18e6550000}3569/bin/catroot 534500x80000000000000002145508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.939{ec230001-805f-6262-c0d5-7fc49b550000}3568/lib/systemd/system-generators/snapd-generatorroot 154100x80000000000000002145528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.940{ec230001-805f-6262-8834-113186550000}3576/lib/systemd/system-generators/systemd-hibernate-resume-generator-----/lib/systemd/system-generators/systemd-hibernate-resume-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3563--- 154100x80000000000000002145522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.940{ec230001-805f-6262-a052-f0c780550000}3577/lib/systemd/system-generators/systemd-rc-local-generator-----/lib/systemd/system-generators/systemd-rc-local-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3563--- 154100x80000000000000002145521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.940{ec230001-805f-6262-f0ab-003b5a550000}3575/lib/systemd/system-generators/systemd-gpt-auto-generator-----/lib/systemd/system-generators/systemd-gpt-auto-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3563--- 154100x80000000000000002145526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.941{ec230001-805f-6262-2005-f5d370550000}3578/lib/systemd/system-generators/systemd-system-update-generator-----/lib/systemd/system-generators/systemd-system-update-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3563--- 154100x80000000000000002145525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.941{ec230001-805f-6262-8034-244747560000}3580/lib/systemd/system-generators/systemd-veritysetup-generator-----/lib/systemd/system-generators/systemd-veritysetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3563--- 154100x80000000000000002145523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.941{ec230001-805f-6262-d86c-62a1e2550000}3579/lib/systemd/system-generators/systemd-sysv-generator-----/lib/systemd/system-generators/systemd-sysv-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3563--- 23542300x80000000000000002145518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.941{ec230001-805f-6262-9897-f1f5d0550000}3567root/lib/netplan/generate/run/NetworkManager/conf.d/netplan.conf--- 23542300x80000000000000002145517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.941{ec230001-805f-6262-9897-f1f5d0550000}3567root/lib/netplan/generate//run/udev/rules.d/99-netplan-ens5.rules--- 23542300x80000000000000002145516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.941{ec230001-805f-6262-9897-f1f5d0550000}3567root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.network--- 23542300x80000000000000002145515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.941{ec230001-805f-6262-9897-f1f5d0550000}3567root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.link--- 154100x80000000000000002145532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.942{ec230001-805f-6262-7866-373806560000}3582/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6852-cfb2ae550000}3564/bin/dash/bin/shroot 154100x80000000000000002145530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.942{ec230001-805f-6262-38b3-f4e397550000}3581/bin/udevadm-----/sbin/udevadm control --reload/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-9897-f1f5d0550000}3567/lib/netplan/generate/lib/systemd/system-generators/netplanroot 534500x80000000000000002145520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.942{ec230001-805f-6262-7846-608a3e560000}3570/usr/bin/systemd-detect-virtroot 534500x80000000000000002145519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.942{ec230001-805f-6262-308c-3b3f16560000}3566/lib/systemd/system-generators/lvm2-activation-generatorroot 534500x80000000000000002145524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.943{ec230001-805f-6262-b81e-c0fe91550000}3571/lib/systemd/system-generators/systemd-cryptsetup-generatorroot 534500x80000000000000002145531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.944{ec230001-805f-6262-684c-419b63550000}3572/lib/systemd/system-generators/systemd-debug-generatorroot 534500x80000000000000002145529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.944{ec230001-805f-6262-8866-6f17a4550000}3573/lib/systemd/system-generators/systemd-fstab-generatorroot 534500x80000000000000002145533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.945{ec230001-805f-6262-a052-f0c780550000}3577/lib/systemd/system-generators/systemd-rc-local-generatorroot 534500x80000000000000002145536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.946{ec230001-805f-6262-38b3-f4e397550000}3581/bin/udevadmroot 534500x80000000000000002145535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.946{ec230001-805f-6262-2005-f5d370550000}3578/lib/systemd/system-generators/systemd-system-update-generatorroot 924900x80000000000000002145534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.946{ec230001-805f-6262-f0ab-003b5a550000}3575/lib/systemd/system-generators/systemd-gpt-auto-generator/dev/nvme0n1root 534500x80000000000000002145539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.947{ec230001-805f-6262-f0ab-003b5a550000}3575/lib/systemd/system-generators/systemd-gpt-auto-generatorroot 534500x80000000000000002145538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.947{ec230001-805f-6262-d05e-96fa38560000}3574/lib/systemd/system-generators/systemd-getty-generatorroot 534500x80000000000000002145537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.947{ec230001-805f-6262-9897-f1f5d0550000}3567/lib/netplan/generateroot 534500x80000000000000002145541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.948{ec230001-805f-6262-8034-244747560000}3580/lib/systemd/system-generators/systemd-veritysetup-generatorroot 534500x80000000000000002145540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.948{ec230001-805f-6262-8834-113186550000}3576/lib/systemd/system-generators/systemd-hibernate-resume-generatorroot 154100x80000000000000002145543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.949{ec230001-805f-6262-68a2-d73acf550000}3583/bin/dash-----/bin/sh /usr/lib/cloud-init/ds-identify/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6852-cfb2ae550000}3564/bin/dash/bin/shroot 534500x80000000000000002145542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.949{ec230001-805f-6262-7866-373806560000}3582/usr/bin/systemd-detect-virtroot 154100x80000000000000002145545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.951{ec230001-805f-6262-78df-00c3a0550000}3584/bin/mkdir-----mkdir -p /run/systemd/generator.early/multi-user.target.wants/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6852-cfb2ae550000}3564/bin/dash/bin/shroot 534500x80000000000000002145544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.951{ec230001-805f-6262-68a2-d73acf550000}3583/bin/dashroot 154100x80000000000000002145547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.952{ec230001-805f-6262-98ed-e1d356550000}3585/bin/ln-----ln -snf /lib/systemd/system/cloud-init.target /run/systemd/generator.early/multi-user.target.wants/cloud-init.target/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-805f-6262-6852-cfb2ae550000}3564/bin/dash/bin/shroot 534500x80000000000000002145546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.952{ec230001-805f-6262-78df-00c3a0550000}3584/bin/mkdirroot 534500x80000000000000002145549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.953{ec230001-805f-6262-6852-cfb2ae550000}3564/bin/dashroot 534500x80000000000000002145548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.953{ec230001-805f-6262-98ed-e1d356550000}3585/bin/lnroot 534500x80000000000000002145550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.965{ec230001-805f-6262-d86c-62a1e2550000}3579/lib/systemd/system-generators/systemd-sysv-generatorroot 534500x80000000000000002145551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:59.966{ec230001-805d-6262-0000-000000000000}3563-root 154100x80000000000000002145553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.050{ec230001-8060-6262-d0cc-a702c9550000}3586/bin/systemctl-----systemctl -p LoadState show apache2.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-68f2-089e5d550000}3557/bin/dash/bin/shroot 534500x80000000000000002145552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.050{ec230001-805f-6262-d04c-e4075b550000}3560/bin/systemctlroot 154100x80000000000000002145555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.057{ec230001-8060-6262-d04c-c39577550000}3587/bin/systemctl-----systemctl --quiet is-active multi-user.target/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-68f2-089e5d550000}3557/bin/dash/bin/shroot 534500x80000000000000002145554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.057{ec230001-8060-6262-d0cc-a702c9550000}3586/bin/systemctlroot 154100x80000000000000002145557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.061{ec230001-8060-6262-d0bc-c42a45560000}3588/bin/systemctl-----systemctl start apache2.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805f-6262-68f2-089e5d550000}3557/bin/dash/bin/shroot 534500x80000000000000002145556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.061{ec230001-8060-6262-d04c-c39577550000}3587/bin/systemctlroot 154100x80000000000000002145558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.064{ec230001-8060-6262-5856-629f7d550000}3589/bin/systemd-tty-ask-password-agent-----/bin/systemd-tty-ask-password-agent --watch/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-8060-6262-d0bc-c42a45560000}3588/bin/systemctlsystemctlroot 154100x80000000000000002145559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.067{ec230001-8060-6262-6882-28df22560000}3590/bin/dash-----/bin/sh /usr/sbin/apachectl start/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-60e5-6262-5899-087003560000}1/lib/systemd/systemd/sbin/initroot 154100x80000000000000002145560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.069{ec230001-8060-6262-102e-1bc41f560000}3591/usr/bin/id-----id -u/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-8060-6262-6882-28df22560000}3590/bin/dash/bin/shroot 154100x80000000000000002145562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.072{ec230001-8060-6262-784f-a23ed6550000}3592/bin/mkdir-----mkdir -p /var/run/apache2/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-8060-6262-6882-28df22560000}3590/bin/dash/bin/shroot 534500x80000000000000002145561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.072{ec230001-8060-6262-102e-1bc41f560000}3591/usr/bin/idroot 534500x80000000000000002145563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.073{ec230001-8060-6262-784f-a23ed6550000}3592/bin/mkdirroot 154100x80000000000000002145564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.074{ec230001-8060-6262-8894-908087550000}3594/usr/bin/stat-----stat -c %F:%U /var/lock/apache2/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3593--- 534500x80000000000000002145566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.075{00000000-0000-0000-0000-000000000000}3593<unknown process>root 534500x80000000000000002145565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.075{ec230001-8060-6262-8894-908087550000}3594/usr/bin/statroot 154100x80000000000000002145569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.076{ec230001-8060-6262-e051-8f3cf3550000}3596/bin/chmod-----chmod 755 /var/lock/apache2.4z0hlJHcBM/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-8060-6262-6882-28df22560000}3590/bin/dash/bin/shroot 534500x80000000000000002145568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.076{ec230001-8060-6262-a800-6c9278550000}3595/bin/mktemproot 154100x80000000000000002145567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.076{ec230001-8060-6262-a800-6c9278550000}3595/bin/mktemp-----mktemp -d /var/lock/apache2.XXXXXXXXXX/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-8060-6262-6882-28df22560000}3590/bin/dash/bin/shroot 154100x80000000000000002145571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.077{ec230001-8060-6262-60b9-68afd5550000}3598/bin/chown-----chown www-data /var/lock/apache2.4z0hlJHcBM/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-8060-6262-6882-28df22560000}3590/bin/dash/bin/shroot 534500x80000000000000002145570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.077{ec230001-8060-6262-e051-8f3cf3550000}3596/bin/chmodroot 154100x80000000000000002145573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.079{ec230001-8060-6262-882b-6ce2d3550000}3604/bin/mv-----mv -T /var/lock/apache2.4z0hlJHcBM /var/lock/apache2/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-8060-6262-6882-28df22560000}3590/bin/dash/bin/shroot 534500x80000000000000002145572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.079{ec230001-8060-6262-60b9-68afd5550000}3598/bin/chownroot 154100x80000000000000002145575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.081{ec230001-8060-6262-70e3-229af2550000}3605/bin/rm-----rm -f /var/run/apache2/*ssl_scache*/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-8060-6262-6882-28df22560000}3590/bin/dash/bin/shroot 534500x80000000000000002145574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.081{ec230001-8060-6262-882b-6ce2d3550000}3604/bin/mvroot 154100x80000000000000002145577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.082{ec230001-8060-6262-68e9-b8824e560000}3606/usr/sbin/apache2-----/usr/sbin/apache2 -k start/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-8060-6262-6882-28df22560000}3590/bin/dash/bin/shroot 534500x80000000000000002145576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.082{ec230001-8060-6262-70e3-229af2550000}3605/bin/rmroot 534500x80000000000000002145586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.087{00000000-0000-0000-0000-000000000000}3603<unknown process>root 534500x80000000000000002145585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.087{00000000-0000-0000-0000-000000000000}3609<unknown process>root 534500x80000000000000002145584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.087{00000000-0000-0000-0000-000000000000}3599<unknown process>root 534500x80000000000000002145583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.087{00000000-0000-0000-0000-000000000000}3601<unknown process>root 534500x80000000000000002145582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.087{ec230001-8060-6262-0000-000000000000}3607-root 534500x80000000000000002145581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.087{ec230001-8060-6262-0000-000000000000}3602-root 534500x80000000000000002145580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.087{ec230001-8060-6262-0000-000000000000}3597-root 534500x80000000000000002145579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.087{ec230001-8060-6262-0000-000000000000}3600-root 23542300x80000000000000002145578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.087{ec230001-60ec-6262-f8ed-f0827b550000}478root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000002145587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.088{00000000-0000-0000-0000-000000000000}3608<unknown process>root 534500x80000000000000002145589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.134{ec230001-8060-6262-0000-000000000000}3610-root 23542300x80000000000000002145588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.134{ec230001-60ec-6262-f8ed-f0827b550000}478root/lib/systemd/systemd-udevd/run/udev/queue--- 354300x80000000000000002145595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.138{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-34141- 354300x80000000000000002145594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.138{ec230001-8060-6262-68e9-b8824e560000}3606/usr/sbin/apache2rootudptruefalse127.0.0.1-34141-false127.0.0.53-53- 354300x80000000000000002145593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.138{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-32986- 354300x80000000000000002145592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.138{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-39083-false10.0.0.2-53- 354300x80000000000000002145591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.138{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-47409-false10.0.0.2-53- 354300x80000000000000002145590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.138{ec230001-8060-6262-68e9-b8824e560000}3606/usr/sbin/apache2rootudptruefalse127.0.0.1-32986-false127.0.0.53-53- 534500x80000000000000002145600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.139{00000000-0000-0000-0000-000000000000}3611<unknown process>root 534500x80000000000000002145599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.139{00000000-0000-0000-0000-000000000000}3612<unknown process>root 23542300x80000000000000002145598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.139{ec230001-60ec-6262-f8ed-f0827b550000}478root/lib/systemd/systemd-udevd/run/udev/queue--- 354300x80000000000000002145597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.139{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-54600-false10.0.0.2-53- 354300x80000000000000002145596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.139{ec230001-8060-6262-68e9-b8824e560000}3606/usr/sbin/apache2rootudptruefalse127.0.0.1-53527-false127.0.0.53-53- 354300x80000000000000002145601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.140{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-53527- 354300x80000000000000002145609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.144{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-58373-false10.0.0.2-53- 354300x80000000000000002145605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.144{ec230001-8060-6262-68e9-b8824e560000}3613/usr/sbin/apache2-udptruefalse127.0.0.1-60243-false127.0.0.53-53- 23542300x80000000000000002145604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.144{ec230001-60ec-6262-c89a-4e13d6550000}462root/lib/systemd/systemd-journald/run/systemd/journal/streams/9:38024--- 534500x80000000000000002145603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.144{ec230001-8060-6262-6882-28df22560000}3590/bin/dashroot 534500x80000000000000002145602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.144{ec230001-8060-6262-68e9-b8824e560000}3606/usr/sbin/apache2root 534500x80000000000000002145615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.145{ec230001-8060-6262-5856-629f7d550000}3589/bin/systemd-tty-ask-password-agentroot 354300x80000000000000002145612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.145{ec230001-8060-6262-68e9-b8824e560000}3613/usr/sbin/apache2rootudptruefalse127.0.0.1-59391-false127.0.0.53-53- 354300x80000000000000002145611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.145{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-60243- 354300x80000000000000002145610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.145{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-55824-false10.0.0.2-53- 354300x80000000000000002145608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.145{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-43818- 354300x80000000000000002145607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.145{ec230001-8060-6262-68e9-b8824e560000}3613/usr/sbin/apache2rootudptruefalse127.0.0.1-43818-false127.0.0.53-53- 354300x80000000000000002145606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.145{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-59391- 154100x80000000000000002145616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.146{ec230001-8060-6262-98c7-9fb053560000}3614/usr/bin/perl-----/usr/bin/perl /usr/sbin/update-rc.d apache-htcacheclean defaults/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.146{ec230001-805f-6262-68f2-089e5d550000}3557/bin/dashroot 534500x80000000000000002145613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.146{ec230001-8060-6262-d0bc-c42a45560000}3588/bin/systemctlroot 534500x80000000000000002145617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.149{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002145622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.150{ec230001-8060-6262-0000-000000000000}3617-root 534500x80000000000000002145621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.150{00000000-0000-0000-0000-000000000000}3619<unknown process>root 534500x80000000000000002145620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.150{ec230001-8060-6262-0000-000000000000}3631-root 23542300x80000000000000002145619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.150{ec230001-60ec-6262-f8ed-f0827b550000}478root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000002145618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.150{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 154100x80000000000000002145623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.153{ec230001-8060-6262-d0ec-c07347560000}3674/bin/systemctl-----systemctl daemon-reload/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-8060-6262-98c7-9fb053560000}3614/usr/bin/perl/usr/bin/perlroot 23542300x80000000000000002145629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.208{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.wants/systemd-fsck-root.service--- 23542300x80000000000000002145628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.208{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.requires/-.mount--- 23542300x80000000000000002145627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.208{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/multi-user.target.wants/systemd-networkd.service--- 23542300x80000000000000002145626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.208{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/network-online.target.wants/systemd-networkd-wait-online.service--- 23542300x80000000000000002145625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.208{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/netplan.stamp--- 23542300x80000000000000002145624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.208{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/getty.target.wants/serial-getty@ttyS0.service--- 23542300x80000000000000002145642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.209{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunkd.service--- 23542300x80000000000000002145641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.209{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/hibagent.service--- 23542300x80000000000000002145640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.209{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunk.service--- 23542300x80000000000000002145639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.209{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/splunk.service--- 23542300x80000000000000002145638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.209{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/grub-common.service--- 23542300x80000000000000002145637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.209{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/apport.service--- 23542300x80000000000000002145636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.209{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/splunk.service--- 23542300x80000000000000002145635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.209{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/grub-common.service--- 23542300x80000000000000002145634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.209{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/apport.service--- 23542300x80000000000000002145633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.209{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/grub-common.service--- 23542300x80000000000000002145632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.209{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/apport.service--- 23542300x80000000000000002145631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.209{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.early/multi-user.target.wants/cloud-init.target--- 23542300x80000000000000002145630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.209{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/-.mount--- 154100x80000000000000002145643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.210{ec230001-8060-6262-38e3-9e2d73550000}3676/usr/lib/systemd/system-environment-generators/snapd-env-generator-----/usr/lib/systemd/system-environment-generators/snapd-env-generator/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3675--- 534500x80000000000000002145645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.211{ec230001-8060-6262-0000-000000000000}3675-root 534500x80000000000000002145644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.211{ec230001-8060-6262-38e3-9e2d73550000}3676/usr/lib/systemd/system-environment-generators/snapd-env-generatorroot 154100x80000000000000002145646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.212{ec230001-8060-6262-68c2-8a073f560000}3678/bin/dash-----/bin/sh /lib/systemd/system-generators/cloud-init-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3677--- 154100x80000000000000002145652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.213{ec230001-8060-6262-c0e5-ccf2f6550000}3682/lib/systemd/system-generators/snapd-generator-----/lib/systemd/system-generators/snapd-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3677--- 154100x80000000000000002145650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.213{ec230001-8060-6262-d029-d0bcb0550000}3683/bin/cat-----cat /proc/cmdline/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-8060-6262-6892-bb7683550000}3679/bin/dash/bin/shroot 154100x80000000000000002145649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.213{ec230001-8060-6262-9897-ba6c30560000}3681/lib/netplan/generate-----/lib/systemd/system-generators/netplan /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3677--- 154100x80000000000000002145648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.213{ec230001-8060-6262-302c-7d9f6d550000}3680/lib/systemd/system-generators/lvm2-activation-generator-----/lib/systemd/system-generators/lvm2-activation-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3677--- 154100x80000000000000002145647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.213{ec230001-8060-6262-6892-bb7683550000}3679/bin/dash-----/bin/sh /lib/systemd/system-generators/friendly-recovery /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3677--- 154100x80000000000000002145674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.214{ec230001-8060-6262-8856-3a79ad550000}3687/lib/systemd/system-generators/systemd-fstab-generator-----/lib/systemd/system-generators/systemd-fstab-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3677--- 154100x80000000000000002145659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.214{ec230001-8060-6262-68ec-00bef3550000}3686/lib/systemd/system-generators/systemd-debug-generator-----/lib/systemd/system-generators/systemd-debug-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3677--- 154100x80000000000000002145658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.214{ec230001-8060-6262-d0ce-3f66b0550000}3688/lib/systemd/system-generators/systemd-getty-generator-----/lib/systemd/system-generators/systemd-getty-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3677--- 154100x80000000000000002145656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.214{ec230001-8060-6262-b8be-2c0f07560000}3685/lib/systemd/system-generators/systemd-cryptsetup-generator-----/lib/systemd/system-generators/systemd-cryptsetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3677--- 534500x80000000000000002145653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.214{ec230001-8060-6262-c0e5-ccf2f6550000}3682/lib/systemd/system-generators/snapd-generatorroot 154100x80000000000000002145651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.214{ec230001-8060-6262-7866-b3d44c560000}3684/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-8060-6262-68c2-8a073f560000}3678/bin/dash/bin/shroot 154100x80000000000000002145669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.215{ec230001-8060-6262-20b5-a8407b550000}3692/lib/systemd/system-generators/systemd-system-update-generator-----/lib/systemd/system-generators/systemd-system-update-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3677--- 154100x80000000000000002145668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.215{ec230001-8060-6262-f00b-feca12560000}3689/lib/systemd/system-generators/systemd-gpt-auto-generator-----/lib/systemd/system-generators/systemd-gpt-auto-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3677--- 154100x80000000000000002145667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.215{ec230001-8060-6262-a032-88c27f550000}3691/lib/systemd/system-generators/systemd-rc-local-generator-----/lib/systemd/system-generators/systemd-rc-local-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3677--- 154100x80000000000000002145657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.215{ec230001-8060-6262-88e4-942c9e550000}3690/lib/systemd/system-generators/systemd-hibernate-resume-generator-----/lib/systemd/system-generators/systemd-hibernate-resume-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3677--- 534500x80000000000000002145655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.215{ec230001-8060-6262-6892-bb7683550000}3679/bin/dashroot 534500x80000000000000002145654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.215{ec230001-8060-6262-d029-d0bcb0550000}3683/bin/catroot 154100x80000000000000002145676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.216{ec230001-8060-6262-d86c-c2bcdd550000}3693/lib/systemd/system-generators/systemd-sysv-generator-----/lib/systemd/system-generators/systemd-sysv-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3677--- 154100x80000000000000002145665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.216{ec230001-8060-6262-8064-b4b211560000}3694/lib/systemd/system-generators/systemd-veritysetup-generator-----/lib/systemd/system-generators/systemd-veritysetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3677--- 23542300x80000000000000002145661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.216{ec230001-8060-6262-9897-ba6c30560000}3681root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.network--- 23542300x80000000000000002145660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.216{ec230001-8060-6262-9897-ba6c30560000}3681root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.link--- 154100x80000000000000002145671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.217{ec230001-8060-6262-38e3-56e094550000}3695/bin/udevadm-----/sbin/udevadm control --reload/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-8060-6262-9897-ba6c30560000}3681/lib/netplan/generate/lib/systemd/system-generators/netplanroot 534500x80000000000000002145666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.217{ec230001-8060-6262-302c-7d9f6d550000}3680/lib/systemd/system-generators/lvm2-activation-generatorroot 534500x80000000000000002145664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.217{ec230001-8060-6262-7866-b3d44c560000}3684/usr/bin/systemd-detect-virtroot 23542300x80000000000000002145663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.217{ec230001-8060-6262-9897-ba6c30560000}3681root/lib/netplan/generate/run/NetworkManager/conf.d/netplan.conf--- 23542300x80000000000000002145662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.217{ec230001-8060-6262-9897-ba6c30560000}3681root/lib/netplan/generate//run/udev/rules.d/99-netplan-ens5.rules--- 154100x80000000000000002145678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.218{ec230001-8060-6262-7816-38f76d550000}3696/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-8060-6262-68c2-8a073f560000}3678/bin/dash/bin/shroot 534500x80000000000000002145673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.219{ec230001-8060-6262-68ec-00bef3550000}3686/lib/systemd/system-generators/systemd-debug-generatorroot 534500x80000000000000002145672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.219{ec230001-8060-6262-b8be-2c0f07560000}3685/lib/systemd/system-generators/systemd-cryptsetup-generatorroot 534500x80000000000000002145670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.219{ec230001-8060-6262-88e4-942c9e550000}3690/lib/systemd/system-generators/systemd-hibernate-resume-generatorroot 534500x80000000000000002145675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.220{ec230001-8060-6262-d0ce-3f66b0550000}3688/lib/systemd/system-generators/systemd-getty-generatorroot 534500x80000000000000002145680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.221{ec230001-8060-6262-8064-b4b211560000}3694/lib/systemd/system-generators/systemd-veritysetup-generatorroot 924900x80000000000000002145679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.221{ec230001-8060-6262-f00b-feca12560000}3689/lib/systemd/system-generators/systemd-gpt-auto-generator/dev/nvme0n1root 534500x80000000000000002145677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.221{ec230001-8060-6262-20b5-a8407b550000}3692/lib/systemd/system-generators/systemd-system-update-generatorroot 534500x80000000000000002145682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.222{ec230001-8060-6262-9897-ba6c30560000}3681/lib/netplan/generateroot 534500x80000000000000002145681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.222{ec230001-8060-6262-38e3-56e094550000}3695/bin/udevadmroot 534500x80000000000000002145684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.223{ec230001-8060-6262-8856-3a79ad550000}3687/lib/systemd/system-generators/systemd-fstab-generatorroot 534500x80000000000000002145683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.223{ec230001-8060-6262-f00b-feca12560000}3689/lib/systemd/system-generators/systemd-gpt-auto-generatorroot 154100x80000000000000002145687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.225{ec230001-8060-6262-6822-35ebcf550000}3697/bin/dash-----/bin/sh /usr/lib/cloud-init/ds-identify/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-8060-6262-68c2-8a073f560000}3678/bin/dash/bin/shroot 534500x80000000000000002145686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.225{ec230001-8060-6262-a032-88c27f550000}3691/lib/systemd/system-generators/systemd-rc-local-generatorroot 534500x80000000000000002145685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.225{ec230001-8060-6262-7816-38f76d550000}3696/usr/bin/systemd-detect-virtroot 154100x80000000000000002145689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.227{ec230001-8060-6262-784f-255ba7550000}3698/bin/mkdir-----mkdir -p /run/systemd/generator.early/multi-user.target.wants/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-8060-6262-68c2-8a073f560000}3678/bin/dash/bin/shroot 534500x80000000000000002145688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.227{ec230001-8060-6262-6822-35ebcf550000}3697/bin/dashroot 154100x80000000000000002145691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.228{ec230001-8060-6262-988d-37ede7550000}3699/bin/ln-----ln -snf /lib/systemd/system/cloud-init.target /run/systemd/generator.early/multi-user.target.wants/cloud-init.target/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-8060-6262-68c2-8a073f560000}3678/bin/dash/bin/shroot 534500x80000000000000002145690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.228{ec230001-8060-6262-784f-255ba7550000}3698/bin/mkdirroot 534500x80000000000000002145693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.229{ec230001-8060-6262-68c2-8a073f560000}3678/bin/dashroot 534500x80000000000000002145692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.229{ec230001-8060-6262-988d-37ede7550000}3699/bin/lnroot 534500x80000000000000002145694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.243{ec230001-8060-6262-d86c-c2bcdd550000}3693/lib/systemd/system-generators/systemd-sysv-generatorroot 534500x80000000000000002145695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.244{ec230001-8060-6262-0000-000000000000}3677-root 154100x80000000000000002145698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.329{ec230001-8060-6262-7081-e23058550000}3700/usr/bin/dpkg-----dpkg --compare-versions lt 2.4.18-2~/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.329{ec230001-8060-6262-98c7-9fb053560000}3614/usr/bin/perlroot 534500x80000000000000002145696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.329{ec230001-8060-6262-d0ec-c07347560000}3674/bin/systemctlroot 154100x80000000000000002145701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.332{ec230001-8060-6262-98e7-e6c384550000}3701/usr/bin/perl-----perl /usr/bin/deb-systemd-helper debian-installed apache-htcacheclean.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002145700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.332{ec230001-8060-6262-786c-419162550000}3701/usr/bin/env-----/usr/bin/env perl /usr/bin/deb-systemd-helper debian-installed apache-htcacheclean.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 534500x80000000000000002145699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.332{ec230001-8060-6262-7081-e23058550000}3700/usr/bin/dpkgroot 354300x80000000000000002145702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.342{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36514-false10.0.1.12-8000- 534500x80000000000000002145703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.371{ec230001-8060-6262-786c-419162550000}3701/usr/bin/envroot 154100x80000000000000002145705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.372{ec230001-8060-6262-98b7-d3e29f550000}3702/usr/bin/perl-----perl /usr/bin/deb-systemd-helper disable apache-htcacheclean.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 154100x80000000000000002145704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.372{ec230001-8060-6262-780c-c5437d550000}3702/usr/bin/env-----/usr/bin/env perl /usr/bin/deb-systemd-helper disable apache-htcacheclean.service/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-805e-6262-0894-63deb5550000}3264/bin/bash/bin/bashroot 23542300x80000000000000002145707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.407{ec230001-8060-6262-780c-c5437d550000}3702root/usr/bin/perl/etc/systemd/system/multi-user.target.wants/apache-htcacheclean.service--- 23542300x80000000000000002145706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.407{ec230001-8060-6262-780c-c5437d550000}3702root/usr/bin/perl/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/apache-htcacheclean.service--- 154100x80000000000000002145708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.413{ec230001-8060-6262-d02c-25c169550000}3703/bin/systemctl-----systemctl daemon-reload/root{ec230001-0000-0000-0000-000001000000}01no level-{ec230001-8060-6262-780c-c5437d550000}3702/usr/bin/env/usr/bin/envroot 23542300x80000000000000002145709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.464{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.requires/-.mount--- 23542300x80000000000000002145715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.465{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/getty.target.wants/serial-getty@ttyS0.service--- 23542300x80000000000000002145714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.465{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/multi-user.target.wants/systemd-networkd.service--- 23542300x80000000000000002145713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.465{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/network-online.target.wants/systemd-networkd-wait-online.service--- 23542300x80000000000000002145712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.465{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/netplan.stamp--- 23542300x80000000000000002145711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.465{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/-.mount--- 23542300x80000000000000002145710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.465{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.wants/systemd-fsck-root.service--- 23542300x80000000000000002145723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.466{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/grub-common.service--- 23542300x80000000000000002145722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.466{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/apport.service--- 23542300x80000000000000002145721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.466{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/splunk.service--- 23542300x80000000000000002145720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.466{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/grub-common.service--- 23542300x80000000000000002145719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.466{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/hibagent.service--- 23542300x80000000000000002145718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.466{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunk.service--- 23542300x80000000000000002145717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.466{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/grub-common.service--- 23542300x80000000000000002145716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.466{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.early/multi-user.target.wants/cloud-init.target--- 23542300x80000000000000002145727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.467{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunkd.service--- 23542300x80000000000000002145726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.467{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/apport.service--- 23542300x80000000000000002145725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.467{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/apport.service--- 23542300x80000000000000002145724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.467{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/splunk.service--- 154100x80000000000000002145728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.468{ec230001-8060-6262-38b3-5869ad550000}3705/usr/lib/systemd/system-environment-generators/snapd-env-generator-----/usr/lib/systemd/system-environment-generators/snapd-env-generator/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3704--- 534500x80000000000000002145730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.469{ec230001-8060-6262-0000-000000000000}3704-root 534500x80000000000000002145729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.469{ec230001-8060-6262-38b3-5869ad550000}3705/usr/lib/systemd/system-environment-generators/snapd-env-generatorroot 154100x80000000000000002145732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.471{ec230001-8060-6262-6872-232634560000}3708/bin/dash-----/bin/sh /lib/systemd/system-generators/friendly-recovery /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3706--- 154100x80000000000000002145731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:00.471{ec230001-8060-6262-68b2-6021ff550000}3707/bin/dash-----/bin/sh /lib/systemd/system-generators/cloud-init-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}3706--- 23542300x80000000000000002146495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:30.993{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002146496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:32.377{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36526-false10.0.1.12-8000- 354300x80000000000000002146497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:38.283{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36528-false10.0.1.12-8000- 354300x80000000000000002146498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:43.323{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36530-false10.0.1.12-8000- 354300x80000000000000002146499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:46.760{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-39516-false10.0.1.12-8089- 354300x80000000000000002146500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:48.361{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36534-false10.0.1.12-8000- 354300x80000000000000002146501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:54.267{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36536-false10.0.1.12-8000- 534500x80000000000000002146502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:55.164{ec230001-60ec-6262-c89a-4e13d6550000}462/lib/systemd/systemd-journaldroot 354300x80000000000000002146503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:56.111{ec230001-60f3-6262-5135-0092907f0000}1373/snap/amazon-ssm-agent/5163/ssm-agent-workerroottcptruefalse10.0.1.20-42028-false169.254.169.254-80- 354300x80000000000000002146504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:56.112{ec230001-60f3-6262-5135-0092907f0000}1373/snap/amazon-ssm-agent/5163/ssm-agent-workerroottcptruefalse10.0.1.20-42030-false169.254.169.254-80- 354300x80000000000000002146505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:16:59.335{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36542-false10.0.1.12-8000- 154100x80000000000000002146506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:00.566{ec230001-809c-6262-6842-4a1b8e550000}3988/bin/dash-----/bin/sh -c cd / && run-parts --report /etc/cron.hourly/rootroot{ec230001-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}3987--- 154100x80000000000000002146508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:00.567{ec230001-809c-6262-384a-a51c10560000}3989/bin/run-parts-----run-parts --report /etc/cron.hourly/root{ec230001-0000-0000-0000-000000000000}05no level-{ec230001-809c-6262-6842-4a1b8e550000}3988/bin/dash/bin/shroot 534500x80000000000000002146509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:00.568{ec230001-809c-6262-384a-a51c10560000}3989/bin/run-partsroot 534500x80000000000000002146507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:00.568{ec230001-809c-6262-6842-4a1b8e550000}3988/bin/dashroot 534500x80000000000000002146510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:00.569{00000000-0000-0000-0000-000000000000}3987<unknown process>root 23542300x80000000000000002146511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:00.858{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002146512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:04.406{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36544-false10.0.1.12-8000- 354300x80000000000000002146513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:09.418{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36546-false10.0.1.12-8000- 154100x80000000000000002146514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:12.837{ec230001-80a8-6262-6864-e9a22b560000}3990/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002146515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:12.848{ec230001-80a8-6262-6864-e9a22b560000}3990/bin/psroot 354300x80000000000000002146516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:14.428{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36548-false10.0.1.12-8000- 354300x80000000000000002146517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:19.430{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36550-false10.0.1.12-8000- 354300x80000000000000002146518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:25.422{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36552-false10.0.1.12-8000- 23542300x80000000000000002146519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:31.003{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002146520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:31.371{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36554-false10.0.1.12-8000- 354300x80000000000000002146521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:37.259{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36556-false10.0.1.12-8000- 354300x80000000000000002146522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:42.334{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36558-false10.0.1.12-8000- 354300x80000000000000002146523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:46.765{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-39544-false10.0.1.12-8089- 354300x80000000000000002146524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:47.450{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36562-false10.0.1.12-8000- 354300x80000000000000002146525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:53.409{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36564-false10.0.1.12-8000- 354300x80000000000000002146526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:17:58.437{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36566-false10.0.1.12-8000- 23542300x80000000000000002146527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:01.003{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 154100x80000000000000002146528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.104{ec230001-80da-6262-503c-7b0000000000}3992/usr/bin/python3.6-----/usr/bin/python3 /usr/lib/command-not-found -- services/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{00000000-0000-0000-0000-000000000000}3991--- 154100x80000000000000002146537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.205{ec230001-80da-6262-a436-500964550000}3993/snap/snapd/15534/usr/bin/snap-----/usr/bin/snap advise-snap --format=json --command services/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-80da-6262-503c-7b0000000000}3992/usr/bin/python3.6/usr/bin/python3ubuntu 154100x80000000000000002146529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.205{ec230001-80da-6262-70e8-d100f4550000}3993/usr/bin/snap-----/usr/bin/snap advise-snap --format=json --command services/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-80da-6262-503c-7b0000000000}3992/usr/bin/python3.6/usr/bin/python3ubuntu 534500x80000000000000002146536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.234{ec230001-80da-6262-70e8-d100f4550000}3993/usr/bin/snapubuntu 534500x80000000000000002146535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.234{ec230001-80da-6262-70e8-d100f4550000}3993/usr/bin/snapubuntu 534500x80000000000000002146534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.234{ec230001-80da-6262-70e8-d100f4550000}3993/usr/bin/snapubuntu 534500x80000000000000002146533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.234{ec230001-80da-6262-70e8-d100f4550000}3993/usr/bin/snapubuntu 534500x80000000000000002146532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.234{ec230001-80da-6262-70e8-d100f4550000}3993/usr/bin/snapubuntu 534500x80000000000000002146531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.234{ec230001-80da-6262-70e8-d100f4550000}3993/usr/bin/snapubuntu 534500x80000000000000002146530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.234{ec230001-80da-6262-70e8-d100f4550000}3993/usr/bin/snapubuntu 534500x80000000000000002146543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.273{ec230001-80da-6262-a436-500964550000}3993/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002146542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.273{ec230001-80da-6262-a436-500964550000}3993/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002146541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.273{ec230001-80da-6262-a436-500964550000}3993/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002146540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.273{ec230001-80da-6262-a436-500964550000}3993/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002146539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.273{ec230001-80da-6262-a436-500964550000}3993/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002146538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.273{ec230001-80da-6262-70e8-d100f4550000}3993/usr/bin/snapubuntu 534500x80000000000000002146544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.274{ec230001-80da-6262-a436-500964550000}3993/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002146545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.340{ec230001-80da-6262-503c-7b0000000000}3992/usr/bin/python3.6ubuntu 534500x80000000000000002146546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:02.341{ec230001-80da-6262-0000-000000000000}3991-ubuntu 354300x80000000000000002146547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:04.260{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36568-false10.0.1.12-8000- 354300x80000000000000002146548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:09.394{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36570-false10.0.1.12-8000- 154100x80000000000000002146549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:13.901{ec230001-80e5-6262-6854-59f0da550000}4007/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002146550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:13.914{ec230001-80e5-6262-6854-59f0da550000}4007/bin/psroot 354300x80000000000000002146551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:14.423{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36572-false10.0.1.12-8000- 354300x80000000000000002146552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:19.438{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36574-false10.0.1.12-8000- 354300x80000000000000002146553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:25.263{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36576-false10.0.1.12-8000- 23542300x80000000000000002146554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:31.003{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002146555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:31.254{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36578-false10.0.1.12-8000- 354300x80000000000000002146556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:36.395{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36580-false10.0.1.12-8000- 354300x80000000000000002146557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.445{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36582-false10.0.1.12-8000- 154100x80000000000000002146558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.838{ec230001-8101-6262-503c-7b0000000000}4009/usr/bin/python3.6-----/usr/bin/python3 /usr/lib/command-not-found -- services/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{00000000-0000-0000-0000-000000000000}4008--- 154100x80000000000000002146566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.897{ec230001-8101-6262-a4f6-915614560000}4010/snap/snapd/15534/usr/bin/snap-----/usr/bin/snap advise-snap --format=json --command services/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8101-6262-503c-7b0000000000}4009/usr/bin/python3.6/usr/bin/python3ubuntu 154100x80000000000000002146559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.897{ec230001-8101-6262-7068-3e4961550000}4010/usr/bin/snap-----/usr/bin/snap advise-snap --format=json --command services/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8101-6262-503c-7b0000000000}4009/usr/bin/python3.6/usr/bin/python3ubuntu 534500x80000000000000002146565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.912{ec230001-8101-6262-7068-3e4961550000}4010/usr/bin/snapubuntu 534500x80000000000000002146564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.912{ec230001-8101-6262-7068-3e4961550000}4010/usr/bin/snapubuntu 534500x80000000000000002146563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.912{ec230001-8101-6262-7068-3e4961550000}4010/usr/bin/snapubuntu 534500x80000000000000002146562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.912{ec230001-8101-6262-7068-3e4961550000}4010/usr/bin/snapubuntu 534500x80000000000000002146561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.912{ec230001-8101-6262-7068-3e4961550000}4010/usr/bin/snapubuntu 534500x80000000000000002146560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.912{ec230001-8101-6262-7068-3e4961550000}4010/usr/bin/snapubuntu 534500x80000000000000002146572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.928{ec230001-8101-6262-a4f6-915614560000}4010/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002146571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.928{ec230001-8101-6262-a4f6-915614560000}4010/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002146570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.928{ec230001-8101-6262-a4f6-915614560000}4010/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002146569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.928{ec230001-8101-6262-a4f6-915614560000}4010/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002146568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.928{ec230001-8101-6262-a4f6-915614560000}4010/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002146567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.928{ec230001-8101-6262-7068-3e4961550000}4010/usr/bin/snapubuntu 534500x80000000000000002146573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.929{ec230001-8101-6262-a4f6-915614560000}4010/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002146574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.953{ec230001-8101-6262-503c-7b0000000000}4009/usr/bin/python3.6ubuntu 534500x80000000000000002146575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:41.954{00000000-0000-0000-0000-000000000000}4008<unknown process>ubuntu 354300x80000000000000002146576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:46.466{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36584-false10.0.1.12-8000- 354300x80000000000000002146577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:46.770{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-39570-false10.0.1.12-8089- 154100x80000000000000002146579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.261{ec230001-8107-6262-e85b-fb3b34560000}4024/usr/bin/basename-----basename /usr/sbin/service/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.261{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash-----/bin/sh /usr/sbin/service --status-all/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-643a-6262-08d4-9f8d0f560000}1965/bin/bash-bashubuntu 154100x80000000000000002146581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.262{ec230001-8107-6262-e84b-4e5609560000}4025/usr/bin/basename-----basename /usr/sbin/service/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.262{ec230001-8107-6262-e85b-fb3b34560000}4024/usr/bin/basenameubuntu 534500x80000000000000002146582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.263{ec230001-8107-6262-e84b-4e5609560000}4025/usr/bin/basenameubuntu 154100x80000000000000002146584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.264{ec230001-8107-6262-6882-b76bb2550000}4026/bin/dash-----/bin/sh /etc/init.d/acpid status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.264{ec230001-8107-6262-785c-ce69a1550000}4026/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/acpid status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.265{ec230001-8107-6262-38da-903c27560000}4027/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-ce69a1550000}4026/usr/bin/envenvubuntu 154100x80000000000000002146587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.266{ec230001-8107-6262-d01c-47c597550000}4028/bin/systemctl-----systemctl -p LoadState --value show acpid.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-ce69a1550000}4026/usr/bin/envenvubuntu 534500x80000000000000002146586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.266{ec230001-8107-6262-38da-903c27560000}4027/bin/run-partsubuntu 154100x80000000000000002146589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.277{ec230001-8107-6262-c095-73948c550000}4029/bin/readlink-----readlink -f /etc/init.d/acpid/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-ce69a1550000}4026/usr/bin/envenvubuntu 534500x80000000000000002146588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.277{ec230001-8107-6262-d01c-47c597550000}4028/bin/systemctlubuntu 154100x80000000000000002146591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.278{ec230001-8107-6262-d0cc-52e7e1550000}4030/bin/systemctl-----systemctl -p CanReload --value show acpid.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-ce69a1550000}4026/usr/bin/envenvubuntu 534500x80000000000000002146590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.278{ec230001-8107-6262-c095-73948c550000}4029/bin/readlinkubuntu 534500x80000000000000002146592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.283{ec230001-8107-6262-d0cc-52e7e1550000}4030/bin/systemctlubuntu 154100x80000000000000002146593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.284{ec230001-8107-6262-d06c-bc896e550000}4031/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-ce69a1550000}4026/usr/bin/envenvubuntu 154100x80000000000000002146595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.287{ec230001-8107-6262-d0fc-a628b2550000}4032/bin/systemctl-----/bin/systemctl --no-pager status acpid.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-ce69a1550000}4026/usr/bin/envenvubuntu 534500x80000000000000002146594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.287{ec230001-8107-6262-d06c-bc896e550000}4031/bin/systemctlubuntu 154100x80000000000000002146600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.302{ec230001-8107-6262-50fc-218b3d560000}4034/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.302{ec230001-8107-6262-68c2-1582ea550000}4034/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.302{ec230001-8107-6262-0000-000000000000}4033-ubuntu 534500x80000000000000002146597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.302{ec230001-8107-6262-785c-ce69a1550000}4026/usr/bin/envubuntu 534500x80000000000000002146596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.302{ec230001-8107-6262-d0fc-a628b2550000}4032/bin/systemctlubuntu 154100x80000000000000002146603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.305{ec230001-8107-6262-6862-893fbe550000}4035/bin/dash-----/bin/sh /etc/init.d/apache-htcacheclean status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.305{ec230001-8107-6262-78fc-cc729f550000}4035/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/apache-htcacheclean status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.305{ec230001-8107-6262-68c2-1582ea550000}4034/bin/dashubuntu 154100x80000000000000002146604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.307{ec230001-8107-6262-386a-e770af550000}4036/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78fc-cc729f550000}4035/usr/bin/envenvubuntu 154100x80000000000000002146606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.308{ec230001-8107-6262-d00c-c6e924560000}4037/bin/systemctl-----systemctl -p LoadState --value show apache-htcacheclean.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78fc-cc729f550000}4035/usr/bin/envenvubuntu 534500x80000000000000002146605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.308{ec230001-8107-6262-386a-e770af550000}4036/bin/run-partsubuntu 154100x80000000000000002146608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.319{ec230001-8107-6262-c035-3cd7eb550000}4038/bin/readlink-----readlink -f /etc/init.d/apache-htcacheclean/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78fc-cc729f550000}4035/usr/bin/envenvubuntu 534500x80000000000000002146607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.319{ec230001-8107-6262-d00c-c6e924560000}4037/bin/systemctlubuntu 154100x80000000000000002146610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.320{ec230001-8107-6262-d08c-c1f72e560000}4039/bin/systemctl-----systemctl -p CanReload --value show apache-htcacheclean.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78fc-cc729f550000}4035/usr/bin/envenvubuntu 534500x80000000000000002146609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.320{ec230001-8107-6262-c035-3cd7eb550000}4038/bin/readlinkubuntu 534500x80000000000000002146611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.332{ec230001-8107-6262-d08c-c1f72e560000}4039/bin/systemctlubuntu 534500x80000000000000002146613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.333{ec230001-8107-6262-7872-aafbbc550000}4040/bin/plymouthubuntu 154100x80000000000000002146612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.333{ec230001-8107-6262-7872-aafbbc550000}4040/bin/plymouth-----plymouth --ping/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78fc-cc729f550000}4035/usr/bin/envenvubuntu 534500x80000000000000002146615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.334{ec230001-8107-6262-e87b-921f8e550000}4041/usr/bin/basenameubuntu 154100x80000000000000002146614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.334{ec230001-8107-6262-e87b-921f8e550000}4041/usr/bin/basename-----basename /etc/init.d/apache-htcacheclean/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78fc-cc729f550000}4035/usr/bin/envenvubuntu 534500x80000000000000002146616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.335{ec230001-8107-6262-0000-000000000000}4042-ubuntu 154100x80000000000000002146617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.336{ec230001-8107-6262-d039-4a2e31560000}4043/bin/cat-----cat /proc/cmdline/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78fc-cc729f550000}4035/usr/bin/envenvubuntu 154100x80000000000000002146619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.337{ec230001-8107-6262-78ff-f7a3ae550000}4044/sbin/killall5-----/bin/pidof -o %PPID -x /usr/bin/htcacheclean/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78fc-cc729f550000}4035/usr/bin/envenvubuntu 534500x80000000000000002146618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.337{ec230001-8107-6262-d039-4a2e31560000}4043/bin/catubuntu 534500x80000000000000002146620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.344{ec230001-8107-6262-78ff-f7a3ae550000}4044/sbin/killall5ubuntu 154100x80000000000000002146624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.345{ec230001-8107-6262-501c-9f2d6e550000}4046/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.345{ec230001-8107-6262-6832-8cfe50560000}4046/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.345{ec230001-8107-6262-0000-000000000000}4045-ubuntu 534500x80000000000000002146621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.345{ec230001-8107-6262-78fc-cc729f550000}4035/usr/bin/envubuntu 154100x80000000000000002146627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.346{ec230001-8107-6262-68d2-5983d7550000}4047/bin/dash-----/bin/sh /etc/init.d/apache2 status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.346{ec230001-8107-6262-785c-b660f6550000}4047/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/apache2 status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.346{ec230001-8107-6262-6832-8cfe50560000}4046/bin/dashubuntu 154100x80000000000000002146629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.348{ec230001-8107-6262-38aa-fdbb6f550000}4049/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-b660f6550000}4047/usr/bin/envenvubuntu 534500x80000000000000002146628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.348{ec230001-8107-6262-0000-000000000000}4048-ubuntu 534500x80000000000000002146630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.349{ec230001-8107-6262-38aa-fdbb6f550000}4049/bin/run-partsubuntu 154100x80000000000000002146631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.350{ec230001-8107-6262-d0dc-11c2ec550000}4050/bin/systemctl-----systemctl -p LoadState --value show apache2.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-b660f6550000}4047/usr/bin/envenvubuntu 154100x80000000000000002146633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.357{ec230001-8107-6262-c065-60080c560000}4051/bin/readlink-----readlink -f /etc/init.d/apache2/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-b660f6550000}4047/usr/bin/envenvubuntu 534500x80000000000000002146632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.357{ec230001-8107-6262-d0dc-11c2ec550000}4050/bin/systemctlubuntu 154100x80000000000000002146635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.358{ec230001-8107-6262-d0bc-26c13d560000}4052/bin/systemctl-----systemctl -p CanReload --value show apache2.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-b660f6550000}4047/usr/bin/envenvubuntu 534500x80000000000000002146634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.358{ec230001-8107-6262-c065-60080c560000}4051/bin/readlinkubuntu 534500x80000000000000002146636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.363{ec230001-8107-6262-d0bc-26c13d560000}4052/bin/systemctlubuntu 154100x80000000000000002146637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.364{ec230001-8107-6262-d09c-4c2d28560000}4053/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-b660f6550000}4047/usr/bin/envenvubuntu 534500x80000000000000002146638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.367{ec230001-8107-6262-d09c-4c2d28560000}4053/bin/systemctlubuntu 154100x80000000000000002146639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.368{ec230001-8107-6262-d08c-c0f10c560000}4054/bin/systemctl-----/bin/systemctl --no-pager status apache2.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-b660f6550000}4047/usr/bin/envenvubuntu 154100x80000000000000002146644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.429{ec230001-8107-6262-508c-5c669a550000}4056/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.429{ec230001-8107-6262-6822-84612c560000}4056/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.429{00000000-0000-0000-0000-000000000000}4055<unknown process>ubuntu 534500x80000000000000002146641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.429{ec230001-8107-6262-785c-b660f6550000}4047/usr/bin/envubuntu 534500x80000000000000002146640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.429{ec230001-8107-6262-d08c-c0f10c560000}4054/bin/systemctlubuntu 154100x80000000000000002146647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.431{ec230001-8107-6262-6802-0ab519560000}4057/bin/dash-----/bin/sh /etc/init.d/apparmor status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.431{ec230001-8107-6262-786c-3a11c6550000}4057/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/apparmor status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.431{ec230001-8107-6262-6822-84612c560000}4056/bin/dashubuntu 154100x80000000000000002146648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.433{ec230001-8107-6262-382a-bf285d550000}4058/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-786c-3a11c6550000}4057/usr/bin/envenvubuntu 154100x80000000000000002146650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.434{ec230001-8107-6262-d07c-0532e3550000}4059/bin/systemctl-----systemctl -p LoadState --value show apparmor.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-786c-3a11c6550000}4057/usr/bin/envenvubuntu 534500x80000000000000002146649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.434{ec230001-8107-6262-382a-bf285d550000}4058/bin/run-partsubuntu 154100x80000000000000002146652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.441{ec230001-8107-6262-c015-483cbe550000}4060/bin/readlink-----readlink -f /etc/init.d/apparmor/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-786c-3a11c6550000}4057/usr/bin/envenvubuntu 534500x80000000000000002146651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.441{ec230001-8107-6262-d07c-0532e3550000}4059/bin/systemctlubuntu 154100x80000000000000002146654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.443{ec230001-8107-6262-d05c-ff7a4f560000}4061/bin/systemctl-----systemctl -p CanReload --value show apparmor.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-786c-3a11c6550000}4057/usr/bin/envenvubuntu 534500x80000000000000002146653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.443{ec230001-8107-6262-c015-483cbe550000}4060/bin/readlinkubuntu 534500x80000000000000002146655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.448{ec230001-8107-6262-d05c-ff7a4f560000}4061/bin/systemctlubuntu 154100x80000000000000002146656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.449{ec230001-8107-6262-d0ac-137b72550000}4062/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-786c-3a11c6550000}4057/usr/bin/envenvubuntu 534500x80000000000000002146657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.453{ec230001-8107-6262-d0ac-137b72550000}4062/bin/systemctlubuntu 154100x80000000000000002146658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.454{ec230001-8107-6262-d09c-8ceed4550000}4063/bin/systemctl-----/bin/systemctl --no-pager status apparmor.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-786c-3a11c6550000}4057/usr/bin/envenvubuntu 154100x80000000000000002146663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.464{ec230001-8107-6262-50ac-160a18560000}4065/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.464{ec230001-8107-6262-6832-22f8d2550000}4065/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.464{ec230001-8107-6262-0000-000000000000}4064-ubuntu 534500x80000000000000002146660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.464{ec230001-8107-6262-786c-3a11c6550000}4057/usr/bin/envubuntu 534500x80000000000000002146659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.464{ec230001-8107-6262-d09c-8ceed4550000}4063/bin/systemctlubuntu 154100x80000000000000002146666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.466{ec230001-8107-6262-6892-22738a550000}4066/bin/dash-----/bin/sh /etc/init.d/apport status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.466{ec230001-8107-6262-789c-75add3550000}4066/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/apport status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.466{ec230001-8107-6262-6832-22f8d2550000}4065/bin/dashubuntu 534500x80000000000000002146668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.468{ec230001-8107-6262-388a-a46a83550000}4067/bin/run-partsubuntu 154100x80000000000000002146667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.468{ec230001-8107-6262-388a-a46a83550000}4067/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-789c-75add3550000}4066/usr/bin/envenvubuntu 154100x80000000000000002146669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.469{ec230001-8107-6262-d0fc-65cb2f560000}4068/bin/systemctl-----systemctl -p LoadState --value show apport.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-789c-75add3550000}4066/usr/bin/envenvubuntu 154100x80000000000000002146671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.475{ec230001-8107-6262-c095-97c10d560000}4069/bin/readlink-----readlink -f /etc/init.d/apport/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-789c-75add3550000}4066/usr/bin/envenvubuntu 534500x80000000000000002146670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.475{ec230001-8107-6262-d0fc-65cb2f560000}4068/bin/systemctlubuntu 154100x80000000000000002146673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.477{ec230001-8107-6262-d06c-192299550000}4070/bin/systemctl-----systemctl -p CanReload --value show apport.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-789c-75add3550000}4066/usr/bin/envenvubuntu 534500x80000000000000002146672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.477{ec230001-8107-6262-c095-97c10d560000}4069/bin/readlinkubuntu 534500x80000000000000002146674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.482{ec230001-8107-6262-d06c-192299550000}4070/bin/systemctlubuntu 154100x80000000000000002146675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.483{ec230001-8107-6262-d0ac-fa3a2c560000}4071/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-789c-75add3550000}4066/usr/bin/envenvubuntu 154100x80000000000000002146677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.488{ec230001-8107-6262-d03c-d83030560000}4072/bin/systemctl-----/bin/systemctl --no-pager status apport.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-789c-75add3550000}4066/usr/bin/envenvubuntu 534500x80000000000000002146676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.488{ec230001-8107-6262-d0ac-fa3a2c560000}4071/bin/systemctlubuntu 534500x80000000000000002146678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.499{ec230001-8107-6262-d03c-d83030560000}4072/bin/systemctlubuntu 534500x80000000000000002146679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.500{ec230001-8107-6262-789c-75add3550000}4066/usr/bin/envubuntu 154100x80000000000000002146682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.501{ec230001-8107-6262-50ac-7d2b88550000}4074/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.501{ec230001-8107-6262-6892-6eaef3550000}4074/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.501{00000000-0000-0000-0000-000000000000}4073<unknown process>ubuntu 534500x80000000000000002146683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.502{ec230001-8107-6262-6892-6eaef3550000}4074/bin/dashubuntu 154100x80000000000000002146685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.503{ec230001-8107-6262-6822-15a3ff550000}4075/bin/dash-----/bin/sh /etc/init.d/atd status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.503{ec230001-8107-6262-787c-6518d4550000}4075/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/atd status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.505{ec230001-8107-6262-386a-471872550000}4076/bin/run-partsubuntu 154100x80000000000000002146686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.505{ec230001-8107-6262-386a-471872550000}4076/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-787c-6518d4550000}4075/usr/bin/envenvubuntu 154100x80000000000000002146688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.506{ec230001-8107-6262-d08c-a98cab550000}4077/bin/systemctl-----systemctl -p LoadState --value show atd.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-787c-6518d4550000}4075/usr/bin/envenvubuntu 154100x80000000000000002146690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.513{ec230001-8107-6262-c095-c10fb9550000}4078/bin/readlink-----readlink -f /etc/init.d/atd/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-787c-6518d4550000}4075/usr/bin/envenvubuntu 534500x80000000000000002146689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.513{ec230001-8107-6262-d08c-a98cab550000}4077/bin/systemctlubuntu 154100x80000000000000002146692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.514{ec230001-8107-6262-d0ec-91e98a550000}4079/bin/systemctl-----systemctl -p CanReload --value show atd.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-787c-6518d4550000}4075/usr/bin/envenvubuntu 534500x80000000000000002146691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.514{ec230001-8107-6262-c095-c10fb9550000}4078/bin/readlinkubuntu 534500x80000000000000002146693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.521{ec230001-8107-6262-d0ec-91e98a550000}4079/bin/systemctlubuntu 154100x80000000000000002146694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.522{ec230001-8107-6262-d00c-85bd00560000}4080/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-787c-6518d4550000}4075/usr/bin/envenvubuntu 154100x80000000000000002146696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.526{ec230001-8107-6262-d07c-07ce47560000}4081/bin/systemctl-----/bin/systemctl --no-pager status atd.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-787c-6518d4550000}4075/usr/bin/envenvubuntu 534500x80000000000000002146695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.526{ec230001-8107-6262-d00c-85bd00560000}4080/bin/systemctlubuntu 534500x80000000000000002146698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.535{ec230001-8107-6262-787c-6518d4550000}4075/usr/bin/envubuntu 534500x80000000000000002146697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.535{ec230001-8107-6262-d07c-07ce47560000}4081/bin/systemctlubuntu 154100x80000000000000002146701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.536{ec230001-8107-6262-504c-039e86550000}4083/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.536{ec230001-8107-6262-68d2-e00899550000}4083/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.536{00000000-0000-0000-0000-000000000000}4082<unknown process>ubuntu 154100x80000000000000002146704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.537{ec230001-8107-6262-6852-fb6cd9550000}4084/bin/dash-----/bin/sh /etc/init.d/console-setup.sh status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.537{ec230001-8107-6262-78dc-4861a0550000}4084/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/console-setup.sh status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.537{ec230001-8107-6262-68d2-e00899550000}4083/bin/dashubuntu 154100x80000000000000002146708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.539{ec230001-8107-6262-506c-92e144560000}4086/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.539{ec230001-8107-6262-6862-86b6d7550000}4086/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.539{00000000-0000-0000-0000-000000000000}4085<unknown process>ubuntu 534500x80000000000000002146705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.539{ec230001-8107-6262-78dc-4861a0550000}4084/usr/bin/envubuntu 154100x80000000000000002146711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.541{ec230001-8107-6262-6842-f2addc550000}4087/bin/dash-----/bin/sh /etc/init.d/cron status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.541{ec230001-8107-6262-781c-b9941a560000}4087/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/cron status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.541{ec230001-8107-6262-6862-86b6d7550000}4086/bin/dashubuntu 154100x80000000000000002146712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.543{ec230001-8107-6262-385a-758726560000}4088/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-b9941a560000}4087/usr/bin/envenvubuntu 154100x80000000000000002146714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.544{ec230001-8107-6262-d01c-95be88550000}4089/bin/systemctl-----systemctl -p LoadState --value show cron.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-b9941a560000}4087/usr/bin/envenvubuntu 534500x80000000000000002146713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.544{ec230001-8107-6262-385a-758726560000}4088/bin/run-partsubuntu 534500x80000000000000002146715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.556{ec230001-8107-6262-d01c-95be88550000}4089/bin/systemctlubuntu 154100x80000000000000002146716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.557{ec230001-8107-6262-c045-e54351560000}4090/bin/readlink-----readlink -f /etc/init.d/cron/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-b9941a560000}4087/usr/bin/envenvubuntu 154100x80000000000000002146718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.558{ec230001-8107-6262-d08c-c13519560000}4091/bin/systemctl-----systemctl -p CanReload --value show cron.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-b9941a560000}4087/usr/bin/envenvubuntu 534500x80000000000000002146717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.558{ec230001-8107-6262-c045-e54351560000}4090/bin/readlinkubuntu 154100x80000000000000002146720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.563{ec230001-8107-6262-d04c-6f7e88550000}4092/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-b9941a560000}4087/usr/bin/envenvubuntu 534500x80000000000000002146719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.563{ec230001-8107-6262-d08c-c13519560000}4091/bin/systemctlubuntu 154100x80000000000000002146722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.567{ec230001-8107-6262-d0bc-c564ec550000}4093/bin/systemctl-----/bin/systemctl --no-pager status cron.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-b9941a560000}4087/usr/bin/envenvubuntu 534500x80000000000000002146721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.567{ec230001-8107-6262-d04c-6f7e88550000}4092/bin/systemctlubuntu 534500x80000000000000002146724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.577{ec230001-8107-6262-781c-b9941a560000}4087/usr/bin/envubuntu 534500x80000000000000002146723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.577{ec230001-8107-6262-d0bc-c564ec550000}4093/bin/systemctlubuntu 154100x80000000000000002146727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.578{ec230001-8107-6262-50dc-721c74550000}4095/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.578{ec230001-8107-6262-6802-3dc615560000}4095/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.578{00000000-0000-0000-0000-000000000000}4094<unknown process>ubuntu 534500x80000000000000002146728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.579{ec230001-8107-6262-6802-3dc615560000}4095/bin/dashubuntu 154100x80000000000000002146730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.580{ec230001-8107-6262-68b2-cd6802560000}4096/bin/dash-----/bin/sh /etc/init.d/cryptdisks status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.580{ec230001-8107-6262-780c-beb06f550000}4096/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/cryptdisks status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.581{ec230001-8107-6262-388a-88a477550000}4097/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-780c-beb06f550000}4096/usr/bin/envenvubuntu 154100x80000000000000002146733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.582{ec230001-8107-6262-d06c-e162d1550000}4098/bin/systemctl-----systemctl -p LoadState --value show cryptdisks.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-780c-beb06f550000}4096/usr/bin/envenvubuntu 534500x80000000000000002146732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.582{ec230001-8107-6262-388a-88a477550000}4097/bin/run-partsubuntu 534500x80000000000000002146734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.587{ec230001-8107-6262-d06c-e162d1550000}4098/bin/systemctlubuntu 154100x80000000000000002146738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.588{ec230001-8107-6262-50ac-defcf6550000}4100/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.588{ec230001-8107-6262-6892-db3f67550000}4100/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.588{ec230001-8107-6262-0000-000000000000}4099-ubuntu 534500x80000000000000002146735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.588{ec230001-8107-6262-780c-beb06f550000}4096/usr/bin/envubuntu 154100x80000000000000002146741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.590{ec230001-8107-6262-68a2-fb8432560000}4101/bin/dash-----/bin/sh /etc/init.d/cryptdisks-early status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.590{ec230001-8107-6262-78ec-a78b9f550000}4101/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/cryptdisks-early status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.590{ec230001-8107-6262-6892-db3f67550000}4100/bin/dashubuntu 154100x80000000000000002146742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.592{ec230001-8107-6262-38aa-ae3f5d550000}4102/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78ec-a78b9f550000}4101/usr/bin/envenvubuntu 154100x80000000000000002146744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.593{ec230001-8107-6262-d0ac-732702560000}4103/bin/systemctl-----systemctl -p LoadState --value show cryptdisks-early.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78ec-a78b9f550000}4101/usr/bin/envenvubuntu 534500x80000000000000002146743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.593{ec230001-8107-6262-38aa-ae3f5d550000}4102/bin/run-partsubuntu 534500x80000000000000002146746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.598{ec230001-8107-6262-78ec-a78b9f550000}4101/usr/bin/envubuntu 534500x80000000000000002146745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.598{ec230001-8107-6262-d0ac-732702560000}4103/bin/systemctlubuntu 154100x80000000000000002146749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.599{ec230001-8107-6262-506c-9fd590550000}4105/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.599{ec230001-8107-6262-6882-a3e3dc550000}4105/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.599{ec230001-8107-6262-0000-000000000000}4104-ubuntu 534500x80000000000000002146750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.600{ec230001-8107-6262-6882-a3e3dc550000}4105/bin/dashubuntu 154100x80000000000000002146752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.601{ec230001-8107-6262-6842-edeeb8550000}4106/bin/dash-----/bin/sh /etc/init.d/dbus status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.601{ec230001-8107-6262-784c-152865550000}4106/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/dbus status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.602{ec230001-8107-6262-38aa-d3dbcc550000}4107/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-784c-152865550000}4106/usr/bin/envenvubuntu 154100x80000000000000002146755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.603{ec230001-8107-6262-d0dc-453f27560000}4108/bin/systemctl-----systemctl -p LoadState --value show dbus.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-784c-152865550000}4106/usr/bin/envenvubuntu 534500x80000000000000002146754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.603{ec230001-8107-6262-38aa-d3dbcc550000}4107/bin/run-partsubuntu 154100x80000000000000002146757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.612{ec230001-8107-6262-c035-fb2d99550000}4109/bin/readlink-----readlink -f /etc/init.d/dbus/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-784c-152865550000}4106/usr/bin/envenvubuntu 534500x80000000000000002146756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.612{ec230001-8107-6262-d0dc-453f27560000}4108/bin/systemctlubuntu 154100x80000000000000002146759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.613{ec230001-8107-6262-d04c-0476cb550000}4110/bin/systemctl-----systemctl -p CanReload --value show dbus.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-784c-152865550000}4106/usr/bin/envenvubuntu 534500x80000000000000002146758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.613{ec230001-8107-6262-c035-fb2d99550000}4109/bin/readlinkubuntu 154100x80000000000000002146761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.621{ec230001-8107-6262-d03c-1209d7550000}4111/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-784c-152865550000}4106/usr/bin/envenvubuntu 534500x80000000000000002146760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.621{ec230001-8107-6262-d04c-0476cb550000}4110/bin/systemctlubuntu 154100x80000000000000002146763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.632{ec230001-8107-6262-d06c-fd55d4550000}4112/bin/systemctl-----/bin/systemctl --no-pager status dbus.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-784c-152865550000}4106/usr/bin/envenvubuntu 534500x80000000000000002146762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.632{ec230001-8107-6262-d03c-1209d7550000}4111/bin/systemctlubuntu 154100x80000000000000002146768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.644{ec230001-8107-6262-500c-b727e0550000}4114/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.644{ec230001-8107-6262-6832-11f87f550000}4114/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.644{00000000-0000-0000-0000-000000000000}4113<unknown process>ubuntu 534500x80000000000000002146765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.644{ec230001-8107-6262-784c-152865550000}4106/usr/bin/envubuntu 534500x80000000000000002146764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.644{ec230001-8107-6262-d06c-fd55d4550000}4112/bin/systemctlubuntu 154100x80000000000000002146771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.646{ec230001-8107-6262-0814-4e96c9550000}4115/bin/bash-----/bin/bash /etc/init.d/ebtables status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.646{ec230001-8107-6262-784c-77ef19560000}4115/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/ebtables status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.646{ec230001-8107-6262-6832-11f87f550000}4114/bin/dashubuntu 534500x80000000000000002146773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.651{ec230001-8107-6262-383a-eb0b04560000}4117/bin/run-partsubuntu 154100x80000000000000002146772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.651{ec230001-8107-6262-383a-eb0b04560000}4117/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{00000000-0000-0000-0000-000000000000}4116--- 154100x80000000000000002146775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.652{ec230001-8107-6262-d03c-ddb481550000}4119/bin/systemctl-----systemctl -p LoadState --value show ebtables.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{00000000-0000-0000-0000-000000000000}4118--- 534500x80000000000000002146774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.652{ec230001-8107-6262-0000-000000000000}4116-ubuntu 154100x80000000000000002146778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.660{ec230001-8107-6262-c085-316f10560000}4121/bin/readlink-----readlink -f /etc/init.d/ebtables/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{00000000-0000-0000-0000-000000000000}4120--- 534500x80000000000000002146777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.660{ec230001-8107-6262-0000-000000000000}4118-ubuntu 534500x80000000000000002146776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.660{ec230001-8107-6262-d03c-ddb481550000}4119/bin/systemctlubuntu 534500x80000000000000002146779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.661{ec230001-8107-6262-c085-316f10560000}4121/bin/readlinkubuntu 154100x80000000000000002146781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.662{ec230001-8107-6262-d03c-463a9a550000}4123/bin/systemctl-----systemctl -p CanReload --value show ebtables.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{00000000-0000-0000-0000-000000000000}4122--- 534500x80000000000000002146780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.662{ec230001-8107-6262-0000-000000000000}4120-ubuntu 534500x80000000000000002146783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.668{00000000-0000-0000-0000-000000000000}4122<unknown process>ubuntu 534500x80000000000000002146782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.668{ec230001-8107-6262-d03c-463a9a550000}4123/bin/systemctlubuntu 154100x80000000000000002146784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.669{ec230001-8107-6262-d06c-61fb9c550000}4125/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{00000000-0000-0000-0000-000000000000}4124--- 154100x80000000000000002146787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.674{ec230001-8107-6262-d0bc-482bd3550000}4126/bin/systemctl-----/bin/systemctl --no-pager status ebtables.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-784c-77ef19560000}4115/usr/bin/envenvubuntu 534500x80000000000000002146786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.674{00000000-0000-0000-0000-000000000000}4124<unknown process>ubuntu 534500x80000000000000002146785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.674{ec230001-8107-6262-d06c-61fb9c550000}4125/bin/systemctlubuntu 534500x80000000000000002146789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.687{ec230001-8107-6262-784c-77ef19560000}4115/usr/bin/envubuntu 534500x80000000000000002146788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.687{ec230001-8107-6262-d0bc-482bd3550000}4126/bin/systemctlubuntu 154100x80000000000000002146792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.688{ec230001-8107-6262-503c-25261d560000}4128/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.688{ec230001-8107-6262-68c2-80b268550000}4128/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.688{00000000-0000-0000-0000-000000000000}4127<unknown process>ubuntu 154100x80000000000000002146795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.690{ec230001-8107-6262-6872-6ff0c5550000}4129/bin/dash-----/bin/sh /etc/init.d/grub-common status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.690{ec230001-8107-6262-784c-76ce27560000}4129/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/grub-common status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.690{ec230001-8107-6262-68c2-80b268550000}4128/bin/dashubuntu 154100x80000000000000002146796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.692{ec230001-8107-6262-68b2-24584c560000}4130/bin/dash-----/bin/sh /usr/bin/which grub-editenv/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-784c-76ce27560000}4129/usr/bin/envenvubuntu 154100x80000000000000002146798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.693{ec230001-8107-6262-38ea-c33500560000}4131/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-784c-76ce27560000}4129/usr/bin/envenvubuntu 534500x80000000000000002146797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.693{ec230001-8107-6262-68b2-24584c560000}4130/bin/dashubuntu 154100x80000000000000002146800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.694{ec230001-8107-6262-d04c-1b7669550000}4132/bin/systemctl-----systemctl -p LoadState --value show grub-common.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-784c-76ce27560000}4129/usr/bin/envenvubuntu 534500x80000000000000002146799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.694{ec230001-8107-6262-38ea-c33500560000}4131/bin/run-partsubuntu 534500x80000000000000002146801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.702{ec230001-8107-6262-d04c-1b7669550000}4132/bin/systemctlubuntu 154100x80000000000000002146802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.703{ec230001-8107-6262-c0e5-ff582c560000}4133/bin/readlink-----readlink -f /etc/init.d/grub-common/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-784c-76ce27560000}4129/usr/bin/envenvubuntu 154100x80000000000000002146804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.705{ec230001-8107-6262-d06c-461249560000}4134/bin/systemctl-----systemctl -p CanReload --value show grub-common.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-784c-76ce27560000}4129/usr/bin/envenvubuntu 534500x80000000000000002146803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.705{ec230001-8107-6262-c0e5-ff582c560000}4133/bin/readlinkubuntu 534500x80000000000000002146805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.711{ec230001-8107-6262-d06c-461249560000}4134/bin/systemctlubuntu 154100x80000000000000002146806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.712{ec230001-8107-6262-d00c-ef4849560000}4135/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-784c-76ce27560000}4129/usr/bin/envenvubuntu 154100x80000000000000002146808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.715{ec230001-8107-6262-d02c-277182550000}4136/bin/systemctl-----/bin/systemctl --no-pager status grub-common.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-784c-76ce27560000}4129/usr/bin/envenvubuntu 534500x80000000000000002146807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.715{ec230001-8107-6262-d00c-ef4849560000}4135/bin/systemctlubuntu 154100x80000000000000002146813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.725{ec230001-8107-6262-50dc-0151ea550000}4138/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.725{ec230001-8107-6262-6802-5d7916560000}4138/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.725{00000000-0000-0000-0000-000000000000}4137<unknown process>ubuntu 534500x80000000000000002146810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.725{ec230001-8107-6262-784c-76ce27560000}4129/usr/bin/envubuntu 534500x80000000000000002146809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.725{ec230001-8107-6262-d02c-277182550000}4136/bin/systemctlubuntu 534500x80000000000000002146814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.726{ec230001-8107-6262-6802-5d7916560000}4138/bin/dashubuntu 154100x80000000000000002146816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.727{ec230001-8107-6262-6862-6f421c560000}4139/bin/dash-----/bin/sh /etc/init.d/hibagent status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.727{ec230001-8107-6262-780c-5eb64c560000}4139/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/hibagent status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.728{ec230001-8107-6262-384a-621432560000}4140/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-780c-5eb64c560000}4139/usr/bin/envenvubuntu 154100x80000000000000002146819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.729{ec230001-8107-6262-d02c-127010560000}4141/bin/systemctl-----systemctl -p LoadState --value show hibagent.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-780c-5eb64c560000}4139/usr/bin/envenvubuntu 534500x80000000000000002146818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.729{ec230001-8107-6262-384a-621432560000}4140/bin/run-partsubuntu 154100x80000000000000002146821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.737{ec230001-8107-6262-c0c5-d6164f560000}4142/bin/readlink-----readlink -f /etc/init.d/hibagent/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-780c-5eb64c560000}4139/usr/bin/envenvubuntu 534500x80000000000000002146820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.737{ec230001-8107-6262-d02c-127010560000}4141/bin/systemctlubuntu 154100x80000000000000002146823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.738{ec230001-8107-6262-d0ec-8e6202560000}4143/bin/systemctl-----systemctl -p CanReload --value show hibagent.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-780c-5eb64c560000}4139/usr/bin/envenvubuntu 534500x80000000000000002146822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.738{ec230001-8107-6262-c0c5-d6164f560000}4142/bin/readlinkubuntu 154100x80000000000000002146825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.746{ec230001-8107-6262-d08c-873318560000}4144/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-780c-5eb64c560000}4139/usr/bin/envenvubuntu 534500x80000000000000002146824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.746{ec230001-8107-6262-d0ec-8e6202560000}4143/bin/systemctlubuntu 154100x80000000000000002146827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.751{ec230001-8107-6262-d08c-7524cb550000}4145/bin/systemctl-----/bin/systemctl --no-pager status hibagent.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-780c-5eb64c560000}4139/usr/bin/envenvubuntu 534500x80000000000000002146826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.751{ec230001-8107-6262-d08c-873318560000}4144/bin/systemctlubuntu 534500x80000000000000002146829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.760{ec230001-8107-6262-780c-5eb64c560000}4139/usr/bin/envubuntu 534500x80000000000000002146828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.760{ec230001-8107-6262-d08c-7524cb550000}4145/bin/systemctlubuntu 154100x80000000000000002146832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.761{ec230001-8107-6262-50ec-facbf9550000}4147/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.761{ec230001-8107-6262-68d2-35ca8d550000}4147/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.761{ec230001-8107-6262-0000-000000000000}4146-ubuntu 154100x80000000000000002146835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.762{ec230001-8107-6262-6872-32b110560000}4148/bin/dash-----/bin/sh /etc/init.d/hwclock.sh status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.762{ec230001-8107-6262-78ec-b12e85550000}4148/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/hwclock.sh status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.762{ec230001-8107-6262-68d2-35ca8d550000}4147/bin/dashubuntu 154100x80000000000000002146836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.764{ec230001-8107-6262-38fa-41294a560000}4149/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78ec-b12e85550000}4148/usr/bin/envenvubuntu 154100x80000000000000002146838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.765{ec230001-8107-6262-d0ac-afd615560000}4150/bin/systemctl-----systemctl -p LoadState --value show hwclock.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78ec-b12e85550000}4148/usr/bin/envenvubuntu 534500x80000000000000002146837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.765{ec230001-8107-6262-38fa-41294a560000}4149/bin/run-partsubuntu 534500x80000000000000002146840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.773{ec230001-8107-6262-78ec-b12e85550000}4148/usr/bin/envubuntu 534500x80000000000000002146839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.773{ec230001-8107-6262-d0ac-afd615560000}4150/bin/systemctlubuntu 154100x80000000000000002146843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.774{ec230001-8107-6262-50ec-27e959550000}4152/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.774{ec230001-8107-6262-6842-73c64e560000}4152/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.774{00000000-0000-0000-0000-000000000000}4151<unknown process>ubuntu 534500x80000000000000002146844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.775{ec230001-8107-6262-6842-73c64e560000}4152/bin/dashubuntu 154100x80000000000000002146846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.776{ec230001-8107-6262-6872-0250ea550000}4153/bin/dash-----/bin/sh /etc/init.d/irqbalance status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.776{ec230001-8107-6262-781c-a5d8c9550000}4153/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/irqbalance status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.777{ec230001-8107-6262-386a-8e2056550000}4154/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-a5d8c9550000}4153/usr/bin/envenvubuntu 154100x80000000000000002146849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.778{ec230001-8107-6262-d05c-f07765550000}4155/bin/systemctl-----systemctl -p LoadState --value show irqbalance.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-a5d8c9550000}4153/usr/bin/envenvubuntu 534500x80000000000000002146848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.778{ec230001-8107-6262-386a-8e2056550000}4154/bin/run-partsubuntu 154100x80000000000000002146851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.787{ec230001-8107-6262-c035-ca3c18560000}4156/bin/readlink-----readlink -f /etc/init.d/irqbalance/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-a5d8c9550000}4153/usr/bin/envenvubuntu 534500x80000000000000002146850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.787{ec230001-8107-6262-d05c-f07765550000}4155/bin/systemctlubuntu 154100x80000000000000002146853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.788{ec230001-8107-6262-d09c-000dd6550000}4157/bin/systemctl-----systemctl -p CanReload --value show irqbalance.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-a5d8c9550000}4153/usr/bin/envenvubuntu 534500x80000000000000002146852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.788{ec230001-8107-6262-c035-ca3c18560000}4156/bin/readlinkubuntu 154100x80000000000000002146855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.793{ec230001-8107-6262-d0ac-9cc6cd550000}4158/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-a5d8c9550000}4153/usr/bin/envenvubuntu 534500x80000000000000002146854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.793{ec230001-8107-6262-d09c-000dd6550000}4157/bin/systemctlubuntu 154100x80000000000000002146857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.797{ec230001-8107-6262-d08c-3fb7ce550000}4159/bin/systemctl-----/bin/systemctl --no-pager status irqbalance.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-a5d8c9550000}4153/usr/bin/envenvubuntu 534500x80000000000000002146856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.797{ec230001-8107-6262-d0ac-9cc6cd550000}4158/bin/systemctlubuntu 534500x80000000000000002146858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.806{ec230001-8107-6262-d08c-3fb7ce550000}4159/bin/systemctlubuntu 154100x80000000000000002146862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.807{ec230001-8107-6262-50bc-ec7d66550000}4161/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.807{ec230001-8107-6262-6802-49e2aa550000}4161/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.807{00000000-0000-0000-0000-000000000000}4160<unknown process>ubuntu 534500x80000000000000002146859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.807{ec230001-8107-6262-781c-a5d8c9550000}4153/usr/bin/envubuntu 534500x80000000000000002146863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.808{ec230001-8107-6262-6802-49e2aa550000}4161/bin/dashubuntu 154100x80000000000000002146865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.809{ec230001-8107-6262-6822-9313b6550000}4162/bin/dash-----/bin/sh /etc/init.d/iscsid status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.809{ec230001-8107-6262-781c-676982550000}4162/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/iscsid status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.810{ec230001-8107-6262-38ba-21f793550000}4163/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-676982550000}4162/usr/bin/envenvubuntu 154100x80000000000000002146868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.811{ec230001-8107-6262-d00c-1c3793550000}4164/bin/systemctl-----systemctl -p LoadState --value show iscsid.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-676982550000}4162/usr/bin/envenvubuntu 534500x80000000000000002146867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.811{ec230001-8107-6262-38ba-21f793550000}4163/bin/run-partsubuntu 154100x80000000000000002146870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.821{ec230001-8107-6262-c035-e6d9ea550000}4165/bin/readlink-----readlink -f /etc/init.d/iscsid/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-676982550000}4162/usr/bin/envenvubuntu 534500x80000000000000002146869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.821{ec230001-8107-6262-d00c-1c3793550000}4164/bin/systemctlubuntu 154100x80000000000000002146872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.822{ec230001-8107-6262-d03c-e045d2550000}4166/bin/systemctl-----systemctl -p CanReload --value show iscsid.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-676982550000}4162/usr/bin/envenvubuntu 534500x80000000000000002146871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.822{ec230001-8107-6262-c035-e6d9ea550000}4165/bin/readlinkubuntu 154100x80000000000000002146874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.827{ec230001-8107-6262-7832-b7987f550000}4167/bin/plymouth-----plymouth --ping/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-676982550000}4162/usr/bin/envenvubuntu 534500x80000000000000002146873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.827{ec230001-8107-6262-d03c-e045d2550000}4166/bin/systemctlubuntu 154100x80000000000000002146876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.828{ec230001-8107-6262-e83b-0402b4550000}4168/usr/bin/basename-----basename /etc/init.d/iscsid/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-676982550000}4162/usr/bin/envenvubuntu 534500x80000000000000002146875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.828{ec230001-8107-6262-7832-b7987f550000}4167/bin/plymouthubuntu 154100x80000000000000002146878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.829{ec230001-8107-6262-e8eb-1f58e8550000}4169/usr/bin/basename-----basename /sbin/iscsid/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-676982550000}4162/usr/bin/envenvubuntu 534500x80000000000000002146877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.829{ec230001-8107-6262-e83b-0402b4550000}4168/usr/bin/basenameubuntu 154100x80000000000000002146880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.830{ec230001-8107-6262-d079-366673550000}4170/bin/cat-----cat /proc/cmdline/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-676982550000}4162/usr/bin/envenvubuntu 534500x80000000000000002146879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.830{ec230001-8107-6262-e8eb-1f58e8550000}4169/usr/bin/basenameubuntu 154100x80000000000000002146882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.831{ec230001-8107-6262-78ef-536c4d560000}4171/sbin/killall5-----/bin/pidof -o %PPID -x /sbin/iscsid/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-676982550000}4162/usr/bin/envenvubuntu 534500x80000000000000002146881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.831{ec230001-8107-6262-d079-366673550000}4170/bin/catubuntu 154100x80000000000000002146887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.838{ec230001-8107-6262-500c-262e3c560000}4173/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.838{ec230001-8107-6262-6812-6a1b14560000}4173/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.838{00000000-0000-0000-0000-000000000000}4172<unknown process>ubuntu 534500x80000000000000002146884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.838{ec230001-8107-6262-781c-676982550000}4162/usr/bin/envubuntu 534500x80000000000000002146883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.838{ec230001-8107-6262-78ef-536c4d560000}4171/sbin/killall5ubuntu 154100x80000000000000002146890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.841{ec230001-8107-6262-6832-09a3a1550000}4174/bin/dash-----/bin/sh /etc/init.d/keyboard-setup.sh status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.841{ec230001-8107-6262-788c-cffe41560000}4174/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/keyboard-setup.sh status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.841{ec230001-8107-6262-6812-6a1b14560000}4173/bin/dashubuntu 154100x80000000000000002146894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.843{ec230001-8107-6262-50dc-0feb04560000}4176/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.843{ec230001-8107-6262-68c2-c8ff51560000}4176/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.843{ec230001-8107-6262-0000-000000000000}4175-ubuntu 534500x80000000000000002146891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.843{ec230001-8107-6262-788c-cffe41560000}4174/usr/bin/envubuntu 154100x80000000000000002146897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.845{ec230001-8107-6262-6862-5f5d7e550000}4177/bin/dash-----/bin/sh -e /etc/init.d/kmod status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.845{ec230001-8107-6262-785c-f0e126560000}4177/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/kmod status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.845{ec230001-8107-6262-68c2-c8ff51560000}4176/bin/dashubuntu 154100x80000000000000002146898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.846{ec230001-8107-6262-382a-861385550000}4178/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-f0e126560000}4177/usr/bin/envenvubuntu 154100x80000000000000002146900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.847{ec230001-8107-6262-d0dc-c04e19560000}4179/bin/systemctl-----systemctl -p LoadState --value show kmod.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-f0e126560000}4177/usr/bin/envenvubuntu 534500x80000000000000002146899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.847{ec230001-8107-6262-382a-861385550000}4178/bin/run-partsubuntu 154100x80000000000000002146902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.856{ec230001-8107-6262-c035-570738560000}4180/bin/readlink-----readlink -f /etc/init.d/kmod/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-f0e126560000}4177/usr/bin/envenvubuntu 534500x80000000000000002146901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.856{ec230001-8107-6262-d0dc-c04e19560000}4179/bin/systemctlubuntu 154100x80000000000000002146904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.857{ec230001-8107-6262-d0bc-f5b985550000}4181/bin/systemctl-----systemctl -p CanReload --value show kmod.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-f0e126560000}4177/usr/bin/envenvubuntu 534500x80000000000000002146903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.857{ec230001-8107-6262-c035-570738560000}4180/bin/readlinkubuntu 154100x80000000000000002146906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.863{ec230001-8107-6262-d06c-1fdf50560000}4182/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-f0e126560000}4177/usr/bin/envenvubuntu 534500x80000000000000002146905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.863{ec230001-8107-6262-d0bc-f5b985550000}4181/bin/systemctlubuntu 154100x80000000000000002146908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.867{ec230001-8107-6262-d01c-2f48fc550000}4183/bin/systemctl-----/bin/systemctl --no-pager status kmod.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-f0e126560000}4177/usr/bin/envenvubuntu 534500x80000000000000002146907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.867{ec230001-8107-6262-d06c-1fdf50560000}4182/bin/systemctlubuntu 154100x80000000000000002146913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.875{ec230001-8107-6262-503c-7c5969550000}4185/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.875{ec230001-8107-6262-68c2-afac51560000}4185/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.875{00000000-0000-0000-0000-000000000000}4184<unknown process>ubuntu 534500x80000000000000002146910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.875{ec230001-8107-6262-785c-f0e126560000}4177/usr/bin/envubuntu 534500x80000000000000002146909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.875{ec230001-8107-6262-d01c-2f48fc550000}4183/bin/systemctlubuntu 154100x80000000000000002146916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.877{ec230001-8107-6262-6872-358d78550000}4186/bin/dash-----/bin/sh /etc/init.d/lvm2 status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.877{ec230001-8107-6262-781c-cf1970550000}4186/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/lvm2 status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.877{ec230001-8107-6262-68c2-afac51560000}4185/bin/dashubuntu 154100x80000000000000002146917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.879{ec230001-8107-6262-38fa-b629ca550000}4187/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-cf1970550000}4186/usr/bin/envenvubuntu 154100x80000000000000002146919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.880{ec230001-8107-6262-d0dc-f51d6b550000}4188/bin/systemctl-----systemctl -p LoadState --value show lvm2.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-781c-cf1970550000}4186/usr/bin/envenvubuntu 534500x80000000000000002146918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.880{ec230001-8107-6262-38fa-b629ca550000}4187/bin/run-partsubuntu 154100x80000000000000002146924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.885{ec230001-8107-6262-50bc-9a47ca550000}4190/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.885{ec230001-8107-6262-68e2-865a7b550000}4190/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.885{ec230001-8107-6262-0000-000000000000}4189-ubuntu 534500x80000000000000002146921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.885{ec230001-8107-6262-781c-cf1970550000}4186/usr/bin/envubuntu 534500x80000000000000002146920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.885{ec230001-8107-6262-d0dc-f51d6b550000}4188/bin/systemctlubuntu 154100x80000000000000002146927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.887{ec230001-8107-6262-6802-c5d267550000}4191/bin/dash-----/bin/sh /etc/init.d/lvm2-lvmetad status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.887{ec230001-8107-6262-785c-40b83c560000}4191/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/lvm2-lvmetad status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.887{ec230001-8107-6262-68e2-865a7b550000}4190/bin/dashubuntu 154100x80000000000000002146928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.894{ec230001-8107-6262-38ca-3a3232560000}4192/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-40b83c560000}4191/usr/bin/envenvubuntu 154100x80000000000000002146930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.895{ec230001-8107-6262-d0ac-ce5687550000}4193/bin/systemctl-----systemctl -p LoadState --value show lvm2-lvmetad.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-40b83c560000}4191/usr/bin/envenvubuntu 534500x80000000000000002146929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.895{ec230001-8107-6262-38ca-3a3232560000}4192/bin/run-partsubuntu 154100x80000000000000002146932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.906{ec230001-8107-6262-c0d5-9a3245560000}4194/bin/readlink-----readlink -f /etc/init.d/lvm2-lvmetad/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-40b83c560000}4191/usr/bin/envenvubuntu 534500x80000000000000002146931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.906{ec230001-8107-6262-d0ac-ce5687550000}4193/bin/systemctlubuntu 154100x80000000000000002146934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.907{ec230001-8107-6262-d00c-fb300e560000}4195/bin/systemctl-----systemctl -p CanReload --value show lvm2-lvmetad.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-40b83c560000}4191/usr/bin/envenvubuntu 534500x80000000000000002146933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.907{ec230001-8107-6262-c0d5-9a3245560000}4194/bin/readlinkubuntu 534500x80000000000000002146935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.913{ec230001-8107-6262-d00c-fb300e560000}4195/bin/systemctlubuntu 154100x80000000000000002146936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.914{ec230001-8107-6262-7822-55811f560000}4196/bin/plymouth-----plymouth --ping/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-40b83c560000}4191/usr/bin/envenvubuntu 154100x80000000000000002146938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.915{ec230001-8107-6262-e83b-16b130560000}4197/usr/bin/basename-----basename /etc/init.d/lvm2-lvmetad/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-40b83c560000}4191/usr/bin/envenvubuntu 534500x80000000000000002146937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.915{ec230001-8107-6262-7822-55811f560000}4196/bin/plymouthubuntu 154100x80000000000000002146940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.916{ec230001-8107-6262-e87b-e9cdb8550000}4198/usr/bin/basename-----basename /sbin/lvmetad/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-40b83c560000}4191/usr/bin/envenvubuntu 534500x80000000000000002146939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.916{ec230001-8107-6262-e83b-16b130560000}4197/usr/bin/basenameubuntu 154100x80000000000000002146942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.917{ec230001-8107-6262-d0f9-30bf78550000}4199/bin/cat-----cat /proc/cmdline/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-40b83c560000}4191/usr/bin/envenvubuntu 534500x80000000000000002146941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.917{ec230001-8107-6262-e87b-e9cdb8550000}4198/usr/bin/basenameubuntu 534500x80000000000000002146943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.918{ec230001-8107-6262-d0f9-30bf78550000}4199/bin/catubuntu 154100x80000000000000002146945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.919{ec230001-8107-6262-6894-6a40c5550000}4201/bin/ps-----ps 468/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-785c-40b83c560000}4191/usr/bin/envenvubuntu 534500x80000000000000002146944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.919{00000000-0000-0000-0000-000000000000}4200<unknown process>ubuntu 534500x80000000000000002146946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.928{ec230001-8107-6262-6894-6a40c5550000}4201/bin/psubuntu 154100x80000000000000002146950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.929{ec230001-8107-6262-502c-07f899550000}4203/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.929{ec230001-8107-6262-68d2-c27e5d550000}4203/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.929{00000000-0000-0000-0000-000000000000}4202<unknown process>ubuntu 534500x80000000000000002146947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.929{ec230001-8107-6262-785c-40b83c560000}4191/usr/bin/envubuntu 154100x80000000000000002146953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.931{ec230001-8107-6262-6892-38a04d560000}4204/bin/dash-----/bin/sh /etc/init.d/lvm2-lvmpolld status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.931{ec230001-8107-6262-783c-976480550000}4204/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/lvm2-lvmpolld status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.931{ec230001-8107-6262-68d2-c27e5d550000}4203/bin/dashubuntu 534500x80000000000000002146955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.933{ec230001-8107-6262-38fa-250e2e560000}4205/bin/run-partsubuntu 154100x80000000000000002146954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.933{ec230001-8107-6262-38fa-250e2e560000}4205/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-783c-976480550000}4204/usr/bin/envenvubuntu 154100x80000000000000002146956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.934{ec230001-8107-6262-d0ec-e9908a550000}4206/bin/systemctl-----systemctl -p LoadState --value show lvm2-lvmpolld.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-783c-976480550000}4204/usr/bin/envenvubuntu 154100x80000000000000002146958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.946{ec230001-8107-6262-c0e5-6f5d17560000}4207/bin/readlink-----readlink -f /etc/init.d/lvm2-lvmpolld/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-783c-976480550000}4204/usr/bin/envenvubuntu 534500x80000000000000002146957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.946{ec230001-8107-6262-d0ec-e9908a550000}4206/bin/systemctlubuntu 154100x80000000000000002146960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.947{ec230001-8107-6262-d07c-525570550000}4208/bin/systemctl-----systemctl -p CanReload --value show lvm2-lvmpolld.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-783c-976480550000}4204/usr/bin/envenvubuntu 534500x80000000000000002146959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.947{ec230001-8107-6262-c0e5-6f5d17560000}4207/bin/readlinkubuntu 154100x80000000000000002146962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.953{ec230001-8107-6262-78f2-ad4034560000}4209/bin/plymouth-----plymouth --ping/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-783c-976480550000}4204/usr/bin/envenvubuntu 534500x80000000000000002146961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.953{ec230001-8107-6262-d07c-525570550000}4208/bin/systemctlubuntu 154100x80000000000000002146964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.954{ec230001-8107-6262-e8eb-827575550000}4210/usr/bin/basename-----basename /etc/init.d/lvm2-lvmpolld/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-783c-976480550000}4204/usr/bin/envenvubuntu 534500x80000000000000002146963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.954{ec230001-8107-6262-78f2-ad4034560000}4209/bin/plymouthubuntu 154100x80000000000000002146966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.955{ec230001-8107-6262-e8ab-a3220b560000}4211/usr/bin/basename-----basename /sbin/lvmpolld/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-783c-976480550000}4204/usr/bin/envenvubuntu 534500x80000000000000002146965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.955{ec230001-8107-6262-e8eb-827575550000}4210/usr/bin/basenameubuntu 154100x80000000000000002146968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.956{ec230001-8107-6262-d019-1b4e5b550000}4212/bin/cat-----cat /proc/cmdline/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-783c-976480550000}4204/usr/bin/envenvubuntu 534500x80000000000000002146967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.956{ec230001-8107-6262-e8ab-a3220b560000}4211/usr/bin/basenameubuntu 534500x80000000000000002146969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.957{ec230001-8107-6262-d019-1b4e5b550000}4212/bin/catubuntu 154100x80000000000000002146970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.958{ec230001-8107-6262-788f-6f3a58550000}4213/sbin/killall5-----/bin/pidof -o %PPID -x /sbin/lvmpolld/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-783c-976480550000}4204/usr/bin/envenvubuntu 534500x80000000000000002146971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.964{ec230001-8107-6262-788f-6f3a58550000}4213/sbin/killall5ubuntu 154100x80000000000000002146975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.965{ec230001-8107-6262-508c-640ad8550000}4215/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.965{ec230001-8107-6262-6872-0d0c00560000}4215/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.965{ec230001-8107-6262-0000-000000000000}4214-ubuntu 534500x80000000000000002146972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.965{ec230001-8107-6262-783c-976480550000}4204/usr/bin/envubuntu 154100x80000000000000002146978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.967{ec230001-8107-6262-6882-101b3b560000}4216/bin/dash-----/bin/sh /etc/init.d/lxcfs status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.967{ec230001-8107-6262-78dc-f3d8d7550000}4216/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/lxcfs status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.967{ec230001-8107-6262-6872-0d0c00560000}4215/bin/dashubuntu 154100x80000000000000002146979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.968{ec230001-8107-6262-38aa-702aaa550000}4217/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78dc-f3d8d7550000}4216/usr/bin/envenvubuntu 154100x80000000000000002146981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.969{ec230001-8107-6262-d0dc-0b7667550000}4218/bin/systemctl-----systemctl -p LoadState --value show lxcfs.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78dc-f3d8d7550000}4216/usr/bin/envenvubuntu 534500x80000000000000002146980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.969{ec230001-8107-6262-38aa-702aaa550000}4217/bin/run-partsubuntu 154100x80000000000000002146983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.976{ec230001-8107-6262-c095-deed03560000}4219/bin/readlink-----readlink -f /etc/init.d/lxcfs/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78dc-f3d8d7550000}4216/usr/bin/envenvubuntu 534500x80000000000000002146982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.976{ec230001-8107-6262-d0dc-0b7667550000}4218/bin/systemctlubuntu 154100x80000000000000002146985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.977{ec230001-8107-6262-d03c-63efdc550000}4220/bin/systemctl-----systemctl -p CanReload --value show lxcfs.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78dc-f3d8d7550000}4216/usr/bin/envenvubuntu 534500x80000000000000002146984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.977{ec230001-8107-6262-c095-deed03560000}4219/bin/readlinkubuntu 154100x80000000000000002146987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.982{ec230001-8107-6262-d02c-ea8295550000}4221/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78dc-f3d8d7550000}4216/usr/bin/envenvubuntu 534500x80000000000000002146986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.982{ec230001-8107-6262-d03c-63efdc550000}4220/bin/systemctlubuntu 154100x80000000000000002146989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.986{ec230001-8107-6262-d07c-06f769550000}4222/bin/systemctl-----/bin/systemctl --no-pager status lxcfs.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-78dc-f3d8d7550000}4216/usr/bin/envenvubuntu 534500x80000000000000002146988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.986{ec230001-8107-6262-d02c-ea8295550000}4221/bin/systemctlubuntu 154100x80000000000000002146994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.998{ec230001-8107-6262-50bc-c4d313560000}4224/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.998{ec230001-8107-6262-6892-867dbd550000}4224/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.998{ec230001-8107-6262-78dc-f3d8d7550000}4216/usr/bin/envubuntu 534500x80000000000000002146990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.998{ec230001-8107-6262-d07c-06f769550000}4222/bin/systemctlubuntu 534500x80000000000000002146992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:47.999{00000000-0000-0000-0000-000000000000}4223<unknown process>ubuntu 154100x80000000000000002146997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.000{ec230001-8108-6262-6862-85952e560000}4225/bin/dash-----/bin/sh /etc/init.d/lxd status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002146996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.000{ec230001-8108-6262-78fc-ff3846560000}4225/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/lxd status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002146995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.000{ec230001-8107-6262-6892-867dbd550000}4224/bin/dashubuntu 154100x80000000000000002146998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.002{ec230001-8108-6262-38ba-83954a560000}4226/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78fc-ff3846560000}4225/usr/bin/envenvubuntu 154100x80000000000000002147000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.003{ec230001-8108-6262-d05c-9a33b1550000}4227/bin/systemctl-----systemctl -p LoadState --value show lxd.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78fc-ff3846560000}4225/usr/bin/envenvubuntu 534500x80000000000000002146999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.003{ec230001-8108-6262-38ba-83954a560000}4226/bin/run-partsubuntu 154100x80000000000000002147002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.012{ec230001-8108-6262-c0d5-4b7a13560000}4228/bin/readlink-----readlink -f /etc/init.d/lxd/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78fc-ff3846560000}4225/usr/bin/envenvubuntu 534500x80000000000000002147001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.012{ec230001-8108-6262-d05c-9a33b1550000}4227/bin/systemctlubuntu 154100x80000000000000002147004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.013{ec230001-8108-6262-d0bc-95b8cf550000}4229/bin/systemctl-----systemctl -p CanReload --value show lxd.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78fc-ff3846560000}4225/usr/bin/envenvubuntu 534500x80000000000000002147003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.013{ec230001-8108-6262-c0d5-4b7a13560000}4228/bin/readlinkubuntu 154100x80000000000000002147006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.022{ec230001-8108-6262-d07c-67a21c560000}4230/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78fc-ff3846560000}4225/usr/bin/envenvubuntu 534500x80000000000000002147005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.022{ec230001-8108-6262-d0bc-95b8cf550000}4229/bin/systemctlubuntu 154100x80000000000000002147008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.026{ec230001-8108-6262-d09c-698cfb550000}4231/bin/systemctl-----/bin/systemctl --no-pager status lxd.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78fc-ff3846560000}4225/usr/bin/envenvubuntu 534500x80000000000000002147007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.026{ec230001-8108-6262-d07c-67a21c560000}4230/bin/systemctlubuntu 154100x80000000000000002147013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.035{ec230001-8108-6262-50fc-29589b550000}4233/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.035{ec230001-8108-6262-6882-9d7118560000}4233/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.035{00000000-0000-0000-0000-000000000000}4232<unknown process>ubuntu 534500x80000000000000002147010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.035{ec230001-8108-6262-78fc-ff3846560000}4225/usr/bin/envubuntu 534500x80000000000000002147009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.035{ec230001-8108-6262-d09c-698cfb550000}4231/bin/systemctlubuntu 154100x80000000000000002147016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.037{ec230001-8108-6262-6862-9feed2550000}4234/bin/dash-----/bin/sh /etc/init.d/mdadm status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.037{ec230001-8108-6262-781c-70d1d6550000}4234/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/mdadm status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.037{ec230001-8108-6262-6882-9d7118560000}4233/bin/dashubuntu 534500x80000000000000002147018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.040{ec230001-8108-6262-38fa-bbc276550000}4235/bin/run-partsubuntu 154100x80000000000000002147017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.040{ec230001-8108-6262-38fa-bbc276550000}4235/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-781c-70d1d6550000}4234/usr/bin/envenvubuntu 154100x80000000000000002147019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.041{ec230001-8108-6262-d02c-211ad1550000}4236/bin/systemctl-----systemctl -p LoadState --value show mdadm.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-781c-70d1d6550000}4234/usr/bin/envenvubuntu 154100x80000000000000002147024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.046{ec230001-8108-6262-50ec-9f1ff7550000}4238/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.046{ec230001-8108-6262-68c2-c6e9fd550000}4238/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.046{00000000-0000-0000-0000-000000000000}4237<unknown process>ubuntu 534500x80000000000000002147021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.046{ec230001-8108-6262-781c-70d1d6550000}4234/usr/bin/envubuntu 534500x80000000000000002147020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.046{ec230001-8108-6262-d02c-211ad1550000}4236/bin/systemctlubuntu 154100x80000000000000002147027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.048{ec230001-8108-6262-6822-6f746e550000}4239/bin/dash-----/bin/sh /etc/init.d/mdadm-waitidle status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.048{ec230001-8108-6262-78dc-762ac8550000}4239/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/mdadm-waitidle status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.048{ec230001-8108-6262-68c2-c6e9fd550000}4238/bin/dashubuntu 154100x80000000000000002147028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.050{ec230001-8108-6262-383a-3c5161550000}4240/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78dc-762ac8550000}4239/usr/bin/envenvubuntu 154100x80000000000000002147030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.051{ec230001-8108-6262-d02c-1e4600560000}4241/bin/systemctl-----systemctl -p LoadState --value show mdadm-waitidle.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78dc-762ac8550000}4239/usr/bin/envenvubuntu 534500x80000000000000002147029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.051{ec230001-8108-6262-383a-3c5161550000}4240/bin/run-partsubuntu 534500x80000000000000002147031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.056{ec230001-8108-6262-d02c-1e4600560000}4241/bin/systemctlubuntu 154100x80000000000000002147035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.057{ec230001-8108-6262-50ec-3cff01560000}4243/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.057{ec230001-8108-6262-6892-f8574e560000}4243/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.057{ec230001-8107-6262-0000-000000000000}4242-ubuntu 534500x80000000000000002147032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.057{ec230001-8108-6262-78dc-762ac8550000}4239/usr/bin/envubuntu 154100x80000000000000002147038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.059{ec230001-8108-6262-68e2-61cb5e550000}4244/bin/dash-----/bin/sh /etc/init.d/open-iscsi status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.059{ec230001-8108-6262-780c-fd83e5550000}4244/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/open-iscsi status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.059{ec230001-8108-6262-6892-f8574e560000}4243/bin/dashubuntu 154100x80000000000000002147039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.060{ec230001-8108-6262-382a-da45c8550000}4245/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-780c-fd83e5550000}4244/usr/bin/envenvubuntu 534500x80000000000000002147040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.061{ec230001-8108-6262-382a-da45c8550000}4245/bin/run-partsubuntu 154100x80000000000000002147041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.062{ec230001-8108-6262-d09c-7f5982550000}4246/bin/systemctl-----systemctl -p LoadState --value show open-iscsi.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-780c-fd83e5550000}4244/usr/bin/envenvubuntu 154100x80000000000000002147043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.070{ec230001-8108-6262-c0e5-b845ab550000}4247/bin/readlink-----readlink -f /etc/init.d/open-iscsi/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-780c-fd83e5550000}4244/usr/bin/envenvubuntu 534500x80000000000000002147042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.070{ec230001-8108-6262-d09c-7f5982550000}4246/bin/systemctlubuntu 154100x80000000000000002147045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.071{ec230001-8108-6262-d06c-6455e3550000}4248/bin/systemctl-----systemctl -p CanReload --value show open-iscsi.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-780c-fd83e5550000}4244/usr/bin/envenvubuntu 534500x80000000000000002147044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.071{ec230001-8108-6262-c0e5-b845ab550000}4247/bin/readlinkubuntu 154100x80000000000000002147047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.077{ec230001-8108-6262-d04c-09b7cf550000}4249/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-780c-fd83e5550000}4244/usr/bin/envenvubuntu 534500x80000000000000002147046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.077{ec230001-8108-6262-d06c-6455e3550000}4248/bin/systemctlubuntu 154100x80000000000000002147049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.081{ec230001-8108-6262-d0dc-f6fdd5550000}4250/bin/systemctl-----/bin/systemctl --no-pager status open-iscsi.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-780c-fd83e5550000}4244/usr/bin/envenvubuntu 534500x80000000000000002147048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.081{ec230001-8108-6262-d04c-09b7cf550000}4249/bin/systemctlubuntu 534500x80000000000000002147051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.089{ec230001-8108-6262-780c-fd83e5550000}4244/usr/bin/envubuntu 534500x80000000000000002147050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.089{ec230001-8108-6262-d0dc-f6fdd5550000}4250/bin/systemctlubuntu 154100x80000000000000002147054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.090{ec230001-8108-6262-505c-450249560000}4252/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.090{ec230001-8108-6262-6812-ef64ae550000}4252/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.090{ec230001-8107-6262-0000-000000000000}4251-ubuntu 154100x80000000000000002147057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.091{ec230001-8108-6262-6832-9eb226560000}4253/bin/dash-----/bin/sh /etc/init.d/open-vm-tools status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.091{ec230001-8108-6262-780c-a7b8ea550000}4253/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/open-vm-tools status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.091{ec230001-8108-6262-6812-ef64ae550000}4252/bin/dashubuntu 154100x80000000000000002147058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.093{ec230001-8108-6262-389a-9dcbb2550000}4254/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-780c-a7b8ea550000}4253/usr/bin/envenvubuntu 154100x80000000000000002147060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.094{ec230001-8108-6262-d05c-1dec70550000}4255/bin/systemctl-----systemctl -p LoadState --value show open-vm-tools.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-780c-a7b8ea550000}4253/usr/bin/envenvubuntu 534500x80000000000000002147059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.094{ec230001-8108-6262-389a-9dcbb2550000}4254/bin/run-partsubuntu 154100x80000000000000002147062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.100{ec230001-8108-6262-c0f5-4763d7550000}4256/bin/readlink-----readlink -f /etc/init.d/open-vm-tools/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-780c-a7b8ea550000}4253/usr/bin/envenvubuntu 534500x80000000000000002147061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.100{ec230001-8108-6262-d05c-1dec70550000}4255/bin/systemctlubuntu 154100x80000000000000002147064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.101{ec230001-8108-6262-d07c-a9e23f560000}4257/bin/systemctl-----systemctl -p CanReload --value show open-vm-tools.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-780c-a7b8ea550000}4253/usr/bin/envenvubuntu 534500x80000000000000002147063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.101{ec230001-8108-6262-c0f5-4763d7550000}4256/bin/readlinkubuntu 534500x80000000000000002147065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.106{ec230001-8108-6262-d07c-a9e23f560000}4257/bin/systemctlubuntu 154100x80000000000000002147066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.107{ec230001-8108-6262-d02c-1e07c8550000}4258/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-780c-a7b8ea550000}4253/usr/bin/envenvubuntu 154100x80000000000000002147068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.111{ec230001-8108-6262-d06c-91c761550000}4259/bin/systemctl-----/bin/systemctl --no-pager status open-vm-tools.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-780c-a7b8ea550000}4253/usr/bin/envenvubuntu 534500x80000000000000002147067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.111{ec230001-8108-6262-d02c-1e07c8550000}4258/bin/systemctlubuntu 534500x80000000000000002147070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.118{ec230001-8108-6262-780c-a7b8ea550000}4253/usr/bin/envubuntu 534500x80000000000000002147069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.118{ec230001-8108-6262-d06c-91c761550000}4259/bin/systemctlubuntu 154100x80000000000000002147073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.119{ec230001-8108-6262-50cc-e076d0550000}4261/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.119{ec230001-8108-6262-6862-dd8a6e550000}4261/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.119{ec230001-8108-6262-0000-000000000000}4260-ubuntu 154100x80000000000000002147076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.121{ec230001-8108-6262-6822-fe76d6550000}4262/bin/dash-----/bin/sh /etc/init.d/plymouth status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.121{ec230001-8108-6262-787c-da9678550000}4262/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/plymouth status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.121{ec230001-8108-6262-6862-dd8a6e550000}4261/bin/dashubuntu 154100x80000000000000002147077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.122{ec230001-8108-6262-380a-8843fd550000}4263/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-787c-da9678550000}4262/usr/bin/envenvubuntu 154100x80000000000000002147079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.123{ec230001-8108-6262-d0fc-12a62c560000}4264/bin/systemctl-----systemctl -p LoadState --value show plymouth.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-787c-da9678550000}4262/usr/bin/envenvubuntu 534500x80000000000000002147078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.123{ec230001-8108-6262-380a-8843fd550000}4263/bin/run-partsubuntu 154100x80000000000000002147081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.132{ec230001-8108-6262-c035-416614560000}4265/bin/readlink-----readlink -f /etc/init.d/plymouth/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-787c-da9678550000}4262/usr/bin/envenvubuntu 534500x80000000000000002147080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.132{ec230001-8108-6262-d0fc-12a62c560000}4264/bin/systemctlubuntu 154100x80000000000000002147083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.133{ec230001-8108-6262-d0cc-21552a560000}4266/bin/systemctl-----systemctl -p CanReload --value show plymouth.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-787c-da9678550000}4262/usr/bin/envenvubuntu 534500x80000000000000002147082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.133{ec230001-8108-6262-c035-416614560000}4265/bin/readlinkubuntu 154100x80000000000000002147085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.138{ec230001-8108-6262-d08c-110873550000}4267/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-787c-da9678550000}4262/usr/bin/envenvubuntu 534500x80000000000000002147084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.138{ec230001-8108-6262-d0cc-21552a560000}4266/bin/systemctlubuntu 154100x80000000000000002147087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.142{ec230001-8108-6262-d0dc-2b4d77550000}4268/bin/systemctl-----/bin/systemctl --no-pager status plymouth.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-787c-da9678550000}4262/usr/bin/envenvubuntu 534500x80000000000000002147086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.142{ec230001-8108-6262-d08c-110873550000}4267/bin/systemctlubuntu 534500x80000000000000002147088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.151{ec230001-8108-6262-d0dc-2b4d77550000}4268/bin/systemctlubuntu 154100x80000000000000002147092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.152{ec230001-8108-6262-506c-06dcbf550000}4270/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.152{ec230001-8108-6262-6882-003b79550000}4270/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.152{00000000-0000-0000-0000-000000000000}4269<unknown process>ubuntu 534500x80000000000000002147089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.152{ec230001-8108-6262-787c-da9678550000}4262/usr/bin/envubuntu 154100x80000000000000002147095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.153{ec230001-8108-6262-6882-3c52b6550000}4271/bin/dash-----/bin/sh /etc/init.d/plymouth-log status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.153{ec230001-8108-6262-785c-e4797d550000}4271/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/plymouth-log status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.153{ec230001-8108-6262-6882-003b79550000}4270/bin/dashubuntu 154100x80000000000000002147096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.155{ec230001-8108-6262-386a-2a6257550000}4272/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-785c-e4797d550000}4271/usr/bin/envenvubuntu 154100x80000000000000002147098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.156{ec230001-8108-6262-d02c-9b0d2c560000}4273/bin/systemctl-----systemctl -p LoadState --value show plymouth-log.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-785c-e4797d550000}4271/usr/bin/envenvubuntu 534500x80000000000000002147097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.156{ec230001-8108-6262-386a-2a6257550000}4272/bin/run-partsubuntu 154100x80000000000000002147100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.165{ec230001-8108-6262-c065-1e8f0c560000}4274/bin/readlink-----readlink -f /etc/init.d/plymouth-log/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-785c-e4797d550000}4271/usr/bin/envenvubuntu 534500x80000000000000002147099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.165{ec230001-8108-6262-d02c-9b0d2c560000}4273/bin/systemctlubuntu 154100x80000000000000002147102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.166{ec230001-8108-6262-d0fc-09e4d6550000}4275/bin/systemctl-----systemctl -p CanReload --value show plymouth-log.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-785c-e4797d550000}4271/usr/bin/envenvubuntu 534500x80000000000000002147101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.166{ec230001-8108-6262-c065-1e8f0c560000}4274/bin/readlinkubuntu 154100x80000000000000002147104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.172{ec230001-8108-6262-d01c-32a7b5550000}4276/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-785c-e4797d550000}4271/usr/bin/envenvubuntu 534500x80000000000000002147103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.172{ec230001-8108-6262-d0fc-09e4d6550000}4275/bin/systemctlubuntu 154100x80000000000000002147106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.175{ec230001-8108-6262-d01c-926a25560000}4277/bin/systemctl-----/bin/systemctl --no-pager status plymouth-log.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-785c-e4797d550000}4271/usr/bin/envenvubuntu 534500x80000000000000002147105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.175{ec230001-8108-6262-d01c-32a7b5550000}4276/bin/systemctlubuntu 154100x80000000000000002147111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.192{ec230001-8108-6262-50ac-a1938f550000}4279/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.192{ec230001-8108-6262-6852-a0764a560000}4279/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.192{00000000-0000-0000-0000-000000000000}4278<unknown process>ubuntu 534500x80000000000000002147108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.192{ec230001-8108-6262-785c-e4797d550000}4271/usr/bin/envubuntu 534500x80000000000000002147107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.192{ec230001-8108-6262-d01c-926a25560000}4277/bin/systemctlubuntu 154100x80000000000000002147114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.194{ec230001-8108-6262-6882-9fe067550000}4280/bin/dash-----/bin/sh /etc/init.d/procps status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.194{ec230001-8108-6262-78bc-8536b4550000}4280/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/procps status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.194{ec230001-8108-6262-6852-a0764a560000}4279/bin/dashubuntu 154100x80000000000000002147115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.196{ec230001-8108-6262-38ea-34fd16560000}4281/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78bc-8536b4550000}4280/usr/bin/envenvubuntu 154100x80000000000000002147117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.197{ec230001-8108-6262-d09c-32bc96550000}4282/bin/systemctl-----systemctl -p LoadState --value show procps.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78bc-8536b4550000}4280/usr/bin/envenvubuntu 534500x80000000000000002147116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.197{ec230001-8108-6262-38ea-34fd16560000}4281/bin/run-partsubuntu 534500x80000000000000002147118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.206{ec230001-8108-6262-d09c-32bc96550000}4282/bin/systemctlubuntu 154100x80000000000000002147119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.207{ec230001-8108-6262-c0f5-57edb0550000}4283/bin/readlink-----readlink -f /etc/init.d/procps/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78bc-8536b4550000}4280/usr/bin/envenvubuntu 154100x80000000000000002147121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.208{ec230001-8108-6262-d0ac-420137560000}4284/bin/systemctl-----systemctl -p CanReload --value show procps.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78bc-8536b4550000}4280/usr/bin/envenvubuntu 534500x80000000000000002147120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.208{ec230001-8108-6262-c0f5-57edb0550000}4283/bin/readlinkubuntu 154100x80000000000000002147123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.214{ec230001-8108-6262-d07c-b2f156550000}4285/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78bc-8536b4550000}4280/usr/bin/envenvubuntu 534500x80000000000000002147122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.214{ec230001-8108-6262-d0ac-420137560000}4284/bin/systemctlubuntu 154100x80000000000000002147125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.219{ec230001-8108-6262-d0bc-686102560000}4286/bin/systemctl-----/bin/systemctl --no-pager status procps.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78bc-8536b4550000}4280/usr/bin/envenvubuntu 534500x80000000000000002147124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.219{ec230001-8108-6262-d07c-b2f156550000}4285/bin/systemctlubuntu 534500x80000000000000002147127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.236{ec230001-8108-6262-78bc-8536b4550000}4280/usr/bin/envubuntu 534500x80000000000000002147126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.236{ec230001-8108-6262-d0bc-686102560000}4286/bin/systemctlubuntu 154100x80000000000000002147129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.237{ec230001-8108-6262-50ec-d7bb26560000}4288/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.237{ec230001-8108-6262-6832-0502c5550000}4288/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.238{ec230001-8108-6262-6832-0502c5550000}4288/bin/dashubuntu 534500x80000000000000002147130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.238{ec230001-8108-6262-0000-000000000000}4287-ubuntu 154100x80000000000000002147133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.239{ec230001-8108-6262-6892-6d1d46560000}4289/bin/dash-----/bin/sh /etc/init.d/rsync status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.239{ec230001-8108-6262-788c-94269e550000}4289/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/rsync status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.240{ec230001-8108-6262-384a-efda56550000}4290/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-788c-94269e550000}4289/usr/bin/envenvubuntu 154100x80000000000000002147136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.241{ec230001-8108-6262-d08c-20277b550000}4291/bin/systemctl-----systemctl -p LoadState --value show rsync.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-788c-94269e550000}4289/usr/bin/envenvubuntu 534500x80000000000000002147135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.241{ec230001-8108-6262-384a-efda56550000}4290/bin/run-partsubuntu 534500x80000000000000002147137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.248{ec230001-8108-6262-d08c-20277b550000}4291/bin/systemctlubuntu 534500x80000000000000002147139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.249{ec230001-8108-6262-c015-72b135560000}4292/bin/readlinkubuntu 154100x80000000000000002147138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.249{ec230001-8108-6262-c015-72b135560000}4292/bin/readlink-----readlink -f /etc/init.d/rsync/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-788c-94269e550000}4289/usr/bin/envenvubuntu 154100x80000000000000002147140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.250{ec230001-8108-6262-d06c-f9147f550000}4293/bin/systemctl-----systemctl -p CanReload --value show rsync.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-788c-94269e550000}4289/usr/bin/envenvubuntu 154100x80000000000000002147142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.255{ec230001-8108-6262-d0bc-43319b550000}4294/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-788c-94269e550000}4289/usr/bin/envenvubuntu 534500x80000000000000002147141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.255{ec230001-8108-6262-d06c-f9147f550000}4293/bin/systemctlubuntu 154100x80000000000000002147144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.259{ec230001-8108-6262-d03c-d78f9d550000}4295/bin/systemctl-----/bin/systemctl --no-pager status rsync.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-788c-94269e550000}4289/usr/bin/envenvubuntu 534500x80000000000000002147143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.259{ec230001-8108-6262-d0bc-43319b550000}4294/bin/systemctlubuntu 534500x80000000000000002147146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.271{ec230001-8108-6262-788c-94269e550000}4289/usr/bin/envubuntu 534500x80000000000000002147145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.271{ec230001-8108-6262-d03c-d78f9d550000}4295/bin/systemctlubuntu 154100x80000000000000002147149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.272{ec230001-8108-6262-504c-0f1cab550000}4297/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.272{ec230001-8108-6262-6822-4890c4550000}4297/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.272{00000000-0000-0000-0000-000000000000}4296<unknown process>ubuntu 154100x80000000000000002147152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.274{ec230001-8108-6262-6812-3074ba550000}4298/bin/dash-----/bin/sh /etc/init.d/rsyslog status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.274{ec230001-8108-6262-78bc-bba0d6550000}4298/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/rsyslog status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.274{ec230001-8108-6262-6822-4890c4550000}4297/bin/dashubuntu 154100x80000000000000002147153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.276{ec230001-8108-6262-38ea-9ec95a550000}4299/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78bc-bba0d6550000}4298/usr/bin/envenvubuntu 154100x80000000000000002147155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.277{ec230001-8108-6262-d0fc-259746560000}4300/bin/systemctl-----systemctl -p LoadState --value show rsyslog.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78bc-bba0d6550000}4298/usr/bin/envenvubuntu 534500x80000000000000002147154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.277{ec230001-8108-6262-38ea-9ec95a550000}4299/bin/run-partsubuntu 154100x80000000000000002147157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.289{ec230001-8108-6262-c075-40d2cd550000}4301/bin/readlink-----readlink -f /etc/init.d/rsyslog/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78bc-bba0d6550000}4298/usr/bin/envenvubuntu 534500x80000000000000002147156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.289{ec230001-8108-6262-d0fc-259746560000}4300/bin/systemctlubuntu 154100x80000000000000002147159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.291{ec230001-8108-6262-d0ec-ffa0ac550000}4302/bin/systemctl-----systemctl -p CanReload --value show rsyslog.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78bc-bba0d6550000}4298/usr/bin/envenvubuntu 534500x80000000000000002147158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.291{ec230001-8108-6262-c075-40d2cd550000}4301/bin/readlinkubuntu 154100x80000000000000002147161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.297{ec230001-8108-6262-d08c-7f3d1d560000}4303/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78bc-bba0d6550000}4298/usr/bin/envenvubuntu 534500x80000000000000002147160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.297{ec230001-8108-6262-d0ec-ffa0ac550000}4302/bin/systemctlubuntu 154100x80000000000000002147163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.302{ec230001-8108-6262-d07c-1a3b23560000}4304/bin/systemctl-----/bin/systemctl --no-pager status rsyslog.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78bc-bba0d6550000}4298/usr/bin/envenvubuntu 534500x80000000000000002147162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.302{ec230001-8108-6262-d08c-7f3d1d560000}4303/bin/systemctlubuntu 154100x80000000000000002147168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.313{ec230001-8108-6262-509c-a488ed550000}4306/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.313{ec230001-8108-6262-68f2-b79a63550000}4306/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.313{00000000-0000-0000-0000-000000000000}4305<unknown process>ubuntu 534500x80000000000000002147165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.313{ec230001-8108-6262-78bc-bba0d6550000}4298/usr/bin/envubuntu 534500x80000000000000002147164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.313{ec230001-8108-6262-d07c-1a3b23560000}4304/bin/systemctlubuntu 154100x80000000000000002147171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.315{ec230001-8108-6262-6822-9d58a9550000}4307/bin/dash-----/bin/sh /etc/init.d/screen-cleanup status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.315{ec230001-8108-6262-78bc-316889550000}4307/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/screen-cleanup status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.315{ec230001-8108-6262-68f2-b79a63550000}4306/bin/dashubuntu 534500x80000000000000002147172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.316{ec230001-8108-6262-78bc-316889550000}4307/usr/bin/envubuntu 154100x80000000000000002147175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.317{ec230001-8108-6262-507c-aa29a1550000}4309/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.317{ec230001-8108-6262-68e2-c45c73550000}4309/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.317{00000000-0000-0000-0000-000000000000}4308<unknown process>ubuntu 534500x80000000000000002147176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.318{ec230001-8108-6262-68e2-c45c73550000}4309/bin/dashubuntu 154100x80000000000000002147178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.319{ec230001-8108-6262-68e2-6d87e8550000}4310/bin/dash-----/bin/sh /etc/init.d/ssh status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.319{ec230001-8108-6262-784c-d1734b560000}4310/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/ssh status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.320{ec230001-8108-6262-501c-22d720560000}4313/bin/grep-----grep -q OpenSSH/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{00000000-0000-0000-0000-000000000000}4311--- 154100x80000000000000002147179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.320{ec230001-8108-6262-e027-52f5d7550000}4312/usr/sbin/sshd-----/usr/sbin/sshd -?/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{00000000-0000-0000-0000-000000000000}4311--- 534500x80000000000000002147183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.323{00000000-0000-0000-0000-000000000000}4311<unknown process>ubuntu 534500x80000000000000002147182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.323{ec230001-8108-6262-501c-22d720560000}4313/bin/grepubuntu 534500x80000000000000002147181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.323{ec230001-8108-6262-e027-52f5d7550000}4312/usr/sbin/sshdubuntu 154100x80000000000000002147184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.324{ec230001-8108-6262-38da-ff615c550000}4314/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-784c-d1734b560000}4310/usr/bin/envenvubuntu 154100x80000000000000002147186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.325{ec230001-8108-6262-d06c-35bd69550000}4315/bin/systemctl-----systemctl -p LoadState --value show ssh.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-784c-d1734b560000}4310/usr/bin/envenvubuntu 534500x80000000000000002147185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.325{ec230001-8108-6262-38da-ff615c550000}4314/bin/run-partsubuntu 154100x80000000000000002147188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.333{ec230001-8108-6262-c075-9f8aa8550000}4316/bin/readlink-----readlink -f /etc/init.d/ssh/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-784c-d1734b560000}4310/usr/bin/envenvubuntu 534500x80000000000000002147187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.333{ec230001-8108-6262-d06c-35bd69550000}4315/bin/systemctlubuntu 154100x80000000000000002147190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.334{ec230001-8108-6262-d09c-b6fd4f560000}4317/bin/systemctl-----systemctl -p CanReload --value show ssh.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-784c-d1734b560000}4310/usr/bin/envenvubuntu 534500x80000000000000002147189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.334{ec230001-8108-6262-c075-9f8aa8550000}4316/bin/readlinkubuntu 154100x80000000000000002147192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.339{ec230001-8108-6262-d0bc-fe6770550000}4318/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-784c-d1734b560000}4310/usr/bin/envenvubuntu 534500x80000000000000002147191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.339{ec230001-8108-6262-d09c-b6fd4f560000}4317/bin/systemctlubuntu 154100x80000000000000002147194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.344{ec230001-8108-6262-d01c-202436560000}4319/bin/systemctl-----/bin/systemctl --no-pager status ssh.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-784c-d1734b560000}4310/usr/bin/envenvubuntu 534500x80000000000000002147193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.344{ec230001-8108-6262-d0bc-fe6770550000}4318/bin/systemctlubuntu 534500x80000000000000002147195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.353{ec230001-8108-6262-d01c-202436560000}4319/bin/systemctlubuntu 154100x80000000000000002147199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.354{ec230001-8108-6262-503c-ae6791550000}4321/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.354{ec230001-8108-6262-68e2-689f45560000}4321/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.354{00000000-0000-0000-0000-000000000000}4320<unknown process>ubuntu 534500x80000000000000002147196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.354{ec230001-8108-6262-784c-d1734b560000}4310/usr/bin/envubuntu 534500x80000000000000002147200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.355{ec230001-8108-6262-68e2-689f45560000}4321/bin/dashubuntu 154100x80000000000000002147202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.356{ec230001-8108-6262-68e2-47cf8d550000}4322/bin/dash-----/bin/sh -e /etc/init.d/udev status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.356{ec230001-8108-6262-78cc-a5ce9c550000}4322/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/udev status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.359{ec230001-8108-6262-389a-f880bc550000}4323/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78cc-a5ce9c550000}4322/usr/bin/envenvubuntu 154100x80000000000000002147205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.362{ec230001-8108-6262-d0fc-9d0fc9550000}4324/bin/systemctl-----systemctl -p LoadState --value show udev.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78cc-a5ce9c550000}4322/usr/bin/envenvubuntu 534500x80000000000000002147204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.362{ec230001-8108-6262-389a-f880bc550000}4323/bin/run-partsubuntu 154100x80000000000000002147207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.371{ec230001-8108-6262-c005-d13f43560000}4325/bin/readlink-----readlink -f /etc/init.d/udev/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78cc-a5ce9c550000}4322/usr/bin/envenvubuntu 534500x80000000000000002147206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.371{ec230001-8108-6262-d0fc-9d0fc9550000}4324/bin/systemctlubuntu 154100x80000000000000002147209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.372{ec230001-8108-6262-d02c-19f378550000}4326/bin/systemctl-----systemctl -p CanReload --value show udev.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78cc-a5ce9c550000}4322/usr/bin/envenvubuntu 534500x80000000000000002147208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.372{ec230001-8108-6262-c005-d13f43560000}4325/bin/readlinkubuntu 154100x80000000000000002147211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.378{ec230001-8108-6262-d05c-b6cfc7550000}4327/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78cc-a5ce9c550000}4322/usr/bin/envenvubuntu 534500x80000000000000002147210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.378{ec230001-8108-6262-d02c-19f378550000}4326/bin/systemctlubuntu 534500x80000000000000002147212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.382{ec230001-8108-6262-d05c-b6cfc7550000}4327/bin/systemctlubuntu 154100x80000000000000002147213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.383{ec230001-8108-6262-d02c-b9d12c560000}4328/bin/systemctl-----/bin/systemctl --no-pager status udev.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-78cc-a5ce9c550000}4322/usr/bin/envenvubuntu 154100x80000000000000002147218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.393{ec230001-8108-6262-505c-35f25a550000}4330/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.393{ec230001-8108-6262-6842-e3be01560000}4330/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.393{ec230001-8108-6262-78cc-a5ce9c550000}4322/usr/bin/envubuntu 534500x80000000000000002147214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.393{ec230001-8108-6262-d02c-b9d12c560000}4328/bin/systemctlubuntu 534500x80000000000000002147216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.394{00000000-0000-0000-0000-000000000000}4329<unknown process>ubuntu 154100x80000000000000002147221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.395{ec230001-8108-6262-6882-8c48d6550000}4331/bin/dash-----/bin/sh /etc/init.d/ufw status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.395{ec230001-8108-6262-787c-8eca75550000}4331/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/ufw status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.395{ec230001-8108-6262-6842-e3be01560000}4330/bin/dashubuntu 154100x80000000000000002147222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.398{ec230001-8108-6262-38ba-e8c109560000}4332/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-787c-8eca75550000}4331/usr/bin/envenvubuntu 154100x80000000000000002147224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.399{ec230001-8108-6262-d00c-9b237d550000}4333/bin/systemctl-----systemctl -p LoadState --value show ufw.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-787c-8eca75550000}4331/usr/bin/envenvubuntu 534500x80000000000000002147223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.399{ec230001-8108-6262-38ba-e8c109560000}4332/bin/run-partsubuntu 154100x80000000000000002147226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.407{ec230001-8108-6262-c055-f78ccf550000}4334/bin/readlink-----readlink -f /etc/init.d/ufw/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-787c-8eca75550000}4331/usr/bin/envenvubuntu 534500x80000000000000002147225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.407{ec230001-8108-6262-d00c-9b237d550000}4333/bin/systemctlubuntu 154100x80000000000000002147228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.408{ec230001-8108-6262-d03c-9efc41560000}4335/bin/systemctl-----systemctl -p CanReload --value show ufw.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-787c-8eca75550000}4331/usr/bin/envenvubuntu 534500x80000000000000002147227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.408{ec230001-8108-6262-c055-f78ccf550000}4334/bin/readlinkubuntu 154100x80000000000000002147230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.414{ec230001-8108-6262-d01c-f58b71550000}4336/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-787c-8eca75550000}4331/usr/bin/envenvubuntu 534500x80000000000000002147229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.414{ec230001-8108-6262-d03c-9efc41560000}4335/bin/systemctlubuntu 154100x80000000000000002147232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.418{ec230001-8108-6262-d06c-105727560000}4337/bin/systemctl-----/bin/systemctl --no-pager status ufw.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-787c-8eca75550000}4331/usr/bin/envenvubuntu 534500x80000000000000002147231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.418{ec230001-8108-6262-d01c-f58b71550000}4336/bin/systemctlubuntu 154100x80000000000000002147237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.426{ec230001-8108-6262-50bc-451cdb550000}4339/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.426{ec230001-8108-6262-6862-fe6f49560000}4339/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.426{00000000-0000-0000-0000-000000000000}4338<unknown process>ubuntu 534500x80000000000000002147234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.426{ec230001-8108-6262-787c-8eca75550000}4331/usr/bin/envubuntu 534500x80000000000000002147233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.426{ec230001-8108-6262-d06c-105727560000}4337/bin/systemctlubuntu 154100x80000000000000002147240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.428{ec230001-8108-6262-6892-0ce882550000}4340/bin/dash-----/bin/sh /etc/init.d/unattended-upgrades status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.428{ec230001-8108-6262-781c-63e411560000}4340/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/unattended-upgrades status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.428{ec230001-8108-6262-6862-fe6f49560000}4339/bin/dashubuntu 154100x80000000000000002147241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.429{ec230001-8108-6262-d0c9-ccf349560000}4341/bin/cat-----cat /proc/cmdline/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-781c-63e411560000}4340/usr/bin/envenvubuntu 154100x80000000000000002147243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.431{ec230001-8108-6262-38aa-cd8604560000}4342/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-781c-63e411560000}4340/usr/bin/envenvubuntu 534500x80000000000000002147242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.431{ec230001-8108-6262-d0c9-ccf349560000}4341/bin/catubuntu 534500x80000000000000002147244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.432{ec230001-8108-6262-38aa-cd8604560000}4342/bin/run-partsubuntu 154100x80000000000000002147245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.433{ec230001-8108-6262-d0cc-1380fe550000}4343/bin/systemctl-----systemctl -p LoadState --value show unattended-upgrades.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-781c-63e411560000}4340/usr/bin/envenvubuntu 154100x80000000000000002147247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.443{ec230001-8108-6262-c085-61b6dc550000}4344/bin/readlink-----readlink -f /etc/init.d/unattended-upgrades/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-781c-63e411560000}4340/usr/bin/envenvubuntu 534500x80000000000000002147246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.443{ec230001-8108-6262-d0cc-1380fe550000}4343/bin/systemctlubuntu 154100x80000000000000002147249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.444{ec230001-8108-6262-d01c-715e34560000}4345/bin/systemctl-----systemctl -p CanReload --value show unattended-upgrades.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-781c-63e411560000}4340/usr/bin/envenvubuntu 534500x80000000000000002147248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.444{ec230001-8108-6262-c085-61b6dc550000}4344/bin/readlinkubuntu 154100x80000000000000002147251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.451{ec230001-8108-6262-d0bc-d06a91550000}4346/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-781c-63e411560000}4340/usr/bin/envenvubuntu 534500x80000000000000002147250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.451{ec230001-8108-6262-d01c-715e34560000}4345/bin/systemctlubuntu 154100x80000000000000002147253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.458{ec230001-8108-6262-d01c-00a7e3550000}4347/bin/systemctl-----/bin/systemctl --no-pager status unattended-upgrades.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-781c-63e411560000}4340/usr/bin/envenvubuntu 534500x80000000000000002147252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.458{ec230001-8108-6262-d0bc-d06a91550000}4346/bin/systemctlubuntu 154100x80000000000000002147258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.468{ec230001-8108-6262-50ec-b4e406560000}4349/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.468{ec230001-8108-6262-68f2-1bd24b560000}4349/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.468{00000000-0000-0000-0000-000000000000}4348<unknown process>ubuntu 534500x80000000000000002147255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.468{ec230001-8108-6262-781c-63e411560000}4340/usr/bin/envubuntu 534500x80000000000000002147254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.468{ec230001-8108-6262-d01c-00a7e3550000}4347/bin/systemctlubuntu 154100x80000000000000002147261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.470{ec230001-8108-6262-6872-0c667d550000}4350/bin/dash-----/bin/sh -e /etc/init.d/uuidd status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.470{ec230001-8108-6262-785c-6396aa550000}4350/usr/bin/env-----env -i LANG=C.UTF-8 LANGUAGE= LC_CTYPE=C.UTF-8 LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= LC_ALL= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin TERM=xterm-256color /etc/init.d/uuidd status/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.470{ec230001-8108-6262-68f2-1bd24b560000}4349/bin/dashubuntu 154100x80000000000000002147262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.472{ec230001-8108-6262-38ba-50de14560000}4351/bin/run-parts-----run-parts --lsbsysinit --list /lib/lsb/init-functions.d/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-785c-6396aa550000}4350/usr/bin/envenvubuntu 154100x80000000000000002147264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.473{ec230001-8108-6262-d08c-e1eb16560000}4352/bin/systemctl-----systemctl -p LoadState --value show uuidd.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-785c-6396aa550000}4350/usr/bin/envenvubuntu 534500x80000000000000002147263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.473{ec230001-8108-6262-38ba-50de14560000}4351/bin/run-partsubuntu 154100x80000000000000002147266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.483{ec230001-8108-6262-c045-60bdad550000}4353/bin/readlink-----readlink -f /etc/init.d/uuidd/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-785c-6396aa550000}4350/usr/bin/envenvubuntu 534500x80000000000000002147265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.483{ec230001-8108-6262-d08c-e1eb16560000}4352/bin/systemctlubuntu 154100x80000000000000002147268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.484{ec230001-8108-6262-d0ac-ba40c8550000}4354/bin/systemctl-----systemctl -p CanReload --value show uuidd.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-785c-6396aa550000}4350/usr/bin/envenvubuntu 534500x80000000000000002147267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.484{ec230001-8108-6262-c045-60bdad550000}4353/bin/readlinkubuntu 534500x80000000000000002147269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.494{ec230001-8108-6262-d0ac-ba40c8550000}4354/bin/systemctlubuntu 154100x80000000000000002147270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.495{ec230001-8108-6262-d00c-274ccd550000}4355/bin/systemctl-----systemctl is-system-running/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-785c-6396aa550000}4350/usr/bin/envenvubuntu 154100x80000000000000002147272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.498{ec230001-8108-6262-d05c-7b4b16560000}4356/bin/systemctl-----/bin/systemctl --no-pager status uuidd.service/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8108-6262-785c-6396aa550000}4350/usr/bin/envenvubuntu 534500x80000000000000002147271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.498{ec230001-8108-6262-d00c-274ccd550000}4355/bin/systemctlubuntu 154100x80000000000000002147277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.506{ec230001-8108-6262-509c-1f415a550000}4358/bin/grep-----grep -E -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 154100x80000000000000002147276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.506{ec230001-8108-6262-6882-17281e560000}4358/bin/dash-----/bin/sh /bin/egrep -iq usage:/etc/init.dubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8107-6262-6892-ecd235560000}4023/bin/dash/bin/shubuntu 534500x80000000000000002147275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.506{00000000-0000-0000-0000-000000000000}4357<unknown process>ubuntu 534500x80000000000000002147274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.506{ec230001-8108-6262-785c-6396aa550000}4350/usr/bin/envubuntu 534500x80000000000000002147273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.506{ec230001-8108-6262-d05c-7b4b16560000}4356/bin/systemctlubuntu 534500x80000000000000002147279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.510{ec230001-8107-6262-6892-ecd235560000}4023/bin/dashubuntu 534500x80000000000000002147278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:48.510{ec230001-8108-6262-6882-17281e560000}4358/bin/dashubuntu 354300x80000000000000002147280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:52.275{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36588-false10.0.1.12-8000- 354300x80000000000000002147281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:18:58.262{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36590-false10.0.1.12-8000- 23542300x80000000000000002147282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:19:01.005{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002147283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:19:03.277{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36592-false10.0.1.12-8000- 354300x80000000000000002147284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:19:09.247{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36594-false10.0.1.12-8000- 354300x80000000000000002147285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:19:14.360{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36596-false10.0.1.12-8000- 154100x80000000000000002147286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:19:14.918{ec230001-8122-6262-6894-b20276550000}4359/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002147287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:19:14.928{ec230001-8122-6262-6894-b20276550000}4359/bin/psroot 354300x80000000000000002147288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:19:19.482{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36598-false10.0.1.12-8000- 354300x80000000000000002147289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:19:25.296{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36600-false10.0.1.12-8000- 354300x80000000000000002147290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:19:30.323{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36602-false10.0.1.12-8000- 23542300x80000000000000002147291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:19:31.006{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002147292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:19:36.244{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36604-false10.0.1.12-8000- 354300x80000000000000002147293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:19:41.317{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36606-false10.0.1.12-8000- 354300x80000000000000002147294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:19:46.340{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36608-false10.0.1.12-8000- 354300x80000000000000002147295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:19:46.774{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-39594-false10.0.1.12-8089- 354300x80000000000000002147296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:19:51.407{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36612-false10.0.1.12-8000- 354300x80000000000000002147297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:19:57.369{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36614-false10.0.1.12-8000- 23542300x80000000000000002147298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:01.003{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002147299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:02.466{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36616-false10.0.1.12-8000- 354300x80000000000000002147300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:08.400{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36618-false10.0.1.12-8000- 354300x80000000000000002147301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:14.365{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36620-false10.0.1.12-8000- 154100x80000000000000002147302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:15.989{ec230001-815f-6262-6834-83870e560000}4360/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002147303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:15.999{ec230001-815f-6262-6834-83870e560000}4360/bin/psroot 354300x80000000000000002147304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.359{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36622-false10.0.1.12-8000- 154100x80000000000000002147305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.523{ec230001-8164-6262-503c-7b0000000000}4362/usr/bin/python3.6-----/usr/bin/python3 /usr/lib/command-not-found -- svcadm/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{00000000-0000-0000-0000-000000000000}4361--- 154100x80000000000000002147313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.577{ec230001-8164-6262-a4a6-55595f550000}4363/snap/snapd/15534/usr/bin/snap-----/usr/bin/snap advise-snap --format=json --command svcadm/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8164-6262-503c-7b0000000000}4362/usr/bin/python3.6/usr/bin/python3ubuntu 154100x80000000000000002147306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.577{ec230001-8164-6262-7058-45ff44560000}4363/usr/bin/snap-----/usr/bin/snap advise-snap --format=json --command svcadm/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-8164-6262-503c-7b0000000000}4362/usr/bin/python3.6/usr/bin/python3ubuntu 534500x80000000000000002147312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.591{ec230001-8164-6262-7058-45ff44560000}4363/usr/bin/snapubuntu 534500x80000000000000002147311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.591{ec230001-8164-6262-7058-45ff44560000}4363/usr/bin/snapubuntu 534500x80000000000000002147310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.591{ec230001-8164-6262-7058-45ff44560000}4363/usr/bin/snapubuntu 534500x80000000000000002147309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.591{ec230001-8164-6262-7058-45ff44560000}4363/usr/bin/snapubuntu 534500x80000000000000002147308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.591{ec230001-8164-6262-7058-45ff44560000}4363/usr/bin/snapubuntu 534500x80000000000000002147307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.591{ec230001-8164-6262-7058-45ff44560000}4363/usr/bin/snapubuntu 534500x80000000000000002147319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.609{ec230001-8164-6262-a4a6-55595f550000}4363/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002147318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.609{ec230001-8164-6262-a4a6-55595f550000}4363/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002147317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.609{ec230001-8164-6262-a4a6-55595f550000}4363/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002147316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.609{ec230001-8164-6262-a4a6-55595f550000}4363/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002147315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.609{ec230001-8164-6262-a4a6-55595f550000}4363/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002147314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.609{ec230001-8164-6262-7058-45ff44560000}4363/usr/bin/snapubuntu 534500x80000000000000002147320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.610{ec230001-8164-6262-a4a6-55595f550000}4363/snap/snapd/15534/usr/bin/snapubuntu 534500x80000000000000002147321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.638{ec230001-8164-6262-503c-7b0000000000}4362/usr/bin/python3.6ubuntu 534500x80000000000000002147322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:20.639{00000000-0000-0000-0000-000000000000}4361<unknown process>ubuntu 354300x80000000000000002147323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:26.295{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36624-false10.0.1.12-8000- 23542300x80000000000000002147324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:31.006{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 154100x80000000000000002147325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:31.213{ec230001-816f-6262-50ff-b4f9f9550000}4376/usr/bin/shred-----shred/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-643a-6262-08d4-9f8d0f560000}1965/bin/bash-bashubuntu 534500x80000000000000002147326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:31.217{ec230001-816f-6262-50ff-b4f9f9550000}4376/usr/bin/shredubuntu 354300x80000000000000002147327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:31.306{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36626-false10.0.1.12-8000- 354300x80000000000000002147328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:36.334{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36628-false10.0.1.12-8000- 354300x80000000000000002147329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:41.367{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36630-false10.0.1.12-8000- 354300x80000000000000002147330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:46.390{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36632-false10.0.1.12-8000- 354300x80000000000000002147331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:46.778{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-39618-false10.0.1.12-8089- 354300x80000000000000002147332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:51.460{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36636-false10.0.1.12-8000- 354300x80000000000000002147333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:20:57.252{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36638-false10.0.1.12-8000- 23542300x80000000000000002147334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:01.006{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002147335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:02.274{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36640-false10.0.1.12-8000- 534500x80000000000000002147336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:02.688{00000000-0000-0000-0000-000000000000}2388<unknown process>root 354300x80000000000000002147337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:07.316{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36642-false10.0.1.12-8000- 354300x80000000000000002147338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:12.465{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36644-false10.0.1.12-8000- 154100x80000000000000002147339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:17.000{ec230001-819d-6262-6814-98653c560000}4377/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002147340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:17.011{ec230001-819d-6262-6814-98653c560000}4377/bin/psroot 354300x80000000000000002147341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:18.291{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36646-false10.0.1.12-8000- 354300x80000000000000002147342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:23.381{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36648-false10.0.1.12-8000- 354300x80000000000000002147343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:28.422{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36650-false10.0.1.12-8000- 23542300x80000000000000002147344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:31.004{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002147345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:34.306{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36652-false10.0.1.12-8000- 354300x80000000000000002147346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:39.386{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36654-false10.0.1.12-8000- 354300x80000000000000002147347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:45.379{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36656-false10.0.1.12-8000- 354300x80000000000000002147348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:46.782{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-39642-false10.0.1.12-8089- 354300x80000000000000002147349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:51.329{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36660-false10.0.1.12-8000- 154100x80000000000000002147350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:53.943{ec230001-81c1-6262-080e-52a833560000}4379/usr/bin/sudo-----sudo systemctl disable apache2/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-643a-6262-08d4-9f8d0f560000}1965/bin/bash-bashubuntu 354300x80000000000000002147351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:53.946{ec230001-81c1-6262-080e-52a833560000}4379/usr/bin/sudoubuntuudptruefalse127.0.0.1-45545-false127.0.0.53-53- 354300x80000000000000002147353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:53.947{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-43742-false10.0.0.2-53- 354300x80000000000000002147352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:53.947{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-53906-false10.0.0.2-53- 354300x80000000000000002147357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:53.952{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-57469- 354300x80000000000000002147356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:53.952{ec230001-81c1-6262-080e-52a833560000}4379/usr/bin/sudoubuntuudptruefalse127.0.0.1-57469-false127.0.0.53-53- 354300x80000000000000002147355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:53.952{ec230001-81c1-6262-080e-52a833560000}4379/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-57469- 354300x80000000000000002147354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:53.952{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-45545- 154100x80000000000000002147358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:53.956{ec230001-81c1-6262-d0dc-b9e65e550000}4380/bin/systemctl-----systemctl disable apache2/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-81c1-6262-080e-52a833560000}4379/usr/bin/sudosudoubuntu 154100x80000000000000002147359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:53.959{ec230001-81c1-6262-6862-32848f550000}4381/bin/dash-----/bin/sh /lib/systemd/systemd-sysv-install disable apache2/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-81c1-6262-d0dc-b9e65e550000}4380/bin/systemctlsystemctlroot 154100x80000000000000002147360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:53.961{ec230001-81c1-6262-58ba-992d79550000}4382/usr/bin/getopt-----getopt -o r: --long root: -- disable apache2/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-81c1-6262-6862-32848f550000}4381/bin/dash/bin/shroot 154100x80000000000000002147362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:53.962{ec230001-81c1-6262-98e7-878660550000}4383/usr/bin/perl-----/usr/bin/perl /usr/sbin/update-rc.d apache2 defaults/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-81c1-6262-6862-32848f550000}4381/bin/dash/bin/shroot 534500x80000000000000002147361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:53.962{ec230001-81c1-6262-58ba-992d79550000}4382/usr/bin/getoptroot 154100x80000000000000002147363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:53.969{ec230001-81c1-6262-d0bc-9d85e3550000}4384/bin/systemctl-----systemctl daemon-reload/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-81c1-6262-98e7-878660550000}4383/usr/bin/perl/usr/bin/perlroot 23542300x80000000000000002147374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.032{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/grub-common.service--- 23542300x80000000000000002147373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.032{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/hibagent.service--- 23542300x80000000000000002147372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.032{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunk.service--- 23542300x80000000000000002147371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.032{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.early/multi-user.target.wants/cloud-init.target--- 23542300x80000000000000002147370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.032{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/getty.target.wants/serial-getty@ttyS0.service--- 23542300x80000000000000002147369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.032{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/-.mount--- 23542300x80000000000000002147368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.032{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.wants/systemd-fsck-root.service--- 23542300x80000000000000002147367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.032{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.requires/-.mount--- 23542300x80000000000000002147366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.032{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/multi-user.target.wants/systemd-networkd.service--- 23542300x80000000000000002147365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.032{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/network-online.target.wants/systemd-networkd-wait-online.service--- 23542300x80000000000000002147364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.032{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/netplan.stamp--- 23542300x80000000000000002147382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.033{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunkd.service--- 23542300x80000000000000002147381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.033{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/apport.service--- 23542300x80000000000000002147380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.033{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/apport.service--- 23542300x80000000000000002147379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.033{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/grub-common.service--- 23542300x80000000000000002147378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.033{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/splunk.service--- 23542300x80000000000000002147377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.033{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/apport.service--- 23542300x80000000000000002147376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.033{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/grub-common.service--- 23542300x80000000000000002147375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.033{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/splunk.service--- 534500x80000000000000002147384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.034{ec230001-81c2-6262-38d3-85dad9550000}4386/usr/lib/systemd/system-environment-generators/snapd-env-generatorroot 154100x80000000000000002147383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.034{ec230001-81c2-6262-38d3-85dad9550000}4386/usr/lib/systemd/system-environment-generators/snapd-env-generator-----/usr/lib/systemd/system-environment-generators/snapd-env-generator/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4385--- 534500x80000000000000002147385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.035{00000000-0000-0000-0000-000000000000}4385<unknown process>root 154100x80000000000000002147388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.036{ec230001-81c2-6262-306c-f8d1e5550000}4390/lib/systemd/system-generators/lvm2-activation-generator-----/lib/systemd/system-generators/lvm2-activation-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4387--- 154100x80000000000000002147387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.036{ec230001-81c2-6262-68c2-f495fe550000}4389/bin/dash-----/bin/sh /lib/systemd/system-generators/friendly-recovery /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4387--- 154100x80000000000000002147386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.036{ec230001-81c2-6262-6862-1f87d2550000}4388/bin/dash-----/bin/sh /lib/systemd/system-generators/cloud-init-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4387--- 154100x80000000000000002147393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.037{ec230001-81c2-6262-c005-50ad1b560000}4393/lib/systemd/system-generators/snapd-generator-----/lib/systemd/system-generators/snapd-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4387--- 154100x80000000000000002147392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.037{ec230001-81c2-6262-7816-4b6c02560000}4394/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-6862-1f87d2550000}4388/bin/dash/bin/shroot 154100x80000000000000002147390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.037{ec230001-81c2-6262-d0a9-4f7a48560000}4392/bin/cat-----cat /proc/cmdline/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-68c2-f495fe550000}4389/bin/dash/bin/shroot 154100x80000000000000002147389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.037{ec230001-81c2-6262-98f7-5ff43d560000}4391/lib/netplan/generate-----/lib/systemd/system-generators/netplan /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4387--- 154100x80000000000000002147407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.038{ec230001-81c2-6262-687c-80b84b560000}4396/lib/systemd/system-generators/systemd-debug-generator-----/lib/systemd/system-generators/systemd-debug-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4387--- 154100x80000000000000002147397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.038{ec230001-81c2-6262-8876-38a369550000}4397/lib/systemd/system-generators/systemd-fstab-generator-----/lib/systemd/system-generators/systemd-fstab-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4387--- 154100x80000000000000002147395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.038{ec230001-81c2-6262-b83e-051d16560000}4395/lib/systemd/system-generators/systemd-cryptsetup-generator-----/lib/systemd/system-generators/systemd-cryptsetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4387--- 534500x80000000000000002147391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.038{ec230001-81c2-6262-d0a9-4f7a48560000}4392/bin/catroot 154100x80000000000000002147406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.039{ec230001-81c2-6262-f0eb-788517560000}4399/lib/systemd/system-generators/systemd-gpt-auto-generator-----/lib/systemd/system-generators/systemd-gpt-auto-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4387--- 154100x80000000000000002147403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.039{ec230001-81c2-6262-d03e-fe2085550000}4398/lib/systemd/system-generators/systemd-getty-generator-----/lib/systemd/system-generators/systemd-getty-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4387--- 534500x80000000000000002147396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.039{ec230001-81c2-6262-68c2-f495fe550000}4389/bin/dashroot 534500x80000000000000002147394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.039{ec230001-81c2-6262-c005-50ad1b560000}4393/lib/systemd/system-generators/snapd-generatorroot 154100x80000000000000002147412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.040{ec230001-81c2-6262-88f4-755656550000}4400/lib/systemd/system-generators/systemd-hibernate-resume-generator-----/lib/systemd/system-generators/systemd-hibernate-resume-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4387--- 154100x80000000000000002147410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.040{ec230001-81c2-6262-a042-3928b4550000}4401/lib/systemd/system-generators/systemd-rc-local-generator-----/lib/systemd/system-generators/systemd-rc-local-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4387--- 154100x80000000000000002147408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.040{ec230001-81c2-6262-2015-024580550000}4402/lib/systemd/system-generators/systemd-system-update-generator-----/lib/systemd/system-generators/systemd-system-update-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4387--- 534500x80000000000000002147398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.040{ec230001-81c2-6262-306c-f8d1e5550000}4390/lib/systemd/system-generators/lvm2-activation-generatorroot 154100x80000000000000002147414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.041{ec230001-81c2-6262-38f3-ebadf4550000}4405/bin/udevadm-----/sbin/udevadm control --reload/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-98f7-5ff43d560000}4391/lib/netplan/generate/lib/systemd/system-generators/netplanroot 154100x80000000000000002147411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.041{ec230001-81c2-6262-80a4-bbb6de550000}4404/lib/systemd/system-generators/systemd-veritysetup-generator-----/lib/systemd/system-generators/systemd-veritysetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4387--- 154100x80000000000000002147405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.041{ec230001-81c2-6262-d85c-4bfdcb550000}4403/lib/systemd/system-generators/systemd-sysv-generator-----/lib/systemd/system-generators/systemd-sysv-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4387--- 534500x80000000000000002147404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.041{ec230001-81c2-6262-7816-4b6c02560000}4394/usr/bin/systemd-detect-virtroot 23542300x80000000000000002147402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.041{ec230001-81c2-6262-98f7-5ff43d560000}4391root/lib/netplan/generate/run/NetworkManager/conf.d/netplan.conf--- 23542300x80000000000000002147401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.041{ec230001-81c2-6262-98f7-5ff43d560000}4391root/lib/netplan/generate//run/udev/rules.d/99-netplan-ens5.rules--- 23542300x80000000000000002147400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.041{ec230001-81c2-6262-98f7-5ff43d560000}4391root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.network--- 23542300x80000000000000002147399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.041{ec230001-81c2-6262-98f7-5ff43d560000}4391root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.link--- 154100x80000000000000002147418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.042{ec230001-81c2-6262-7826-6dc304560000}4406/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-6862-1f87d2550000}4388/bin/dash/bin/shroot 534500x80000000000000002147409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.042{ec230001-81c2-6262-b83e-051d16560000}4395/lib/systemd/system-generators/systemd-cryptsetup-generatorroot 534500x80000000000000002147413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.044{ec230001-81c2-6262-8876-38a369550000}4397/lib/systemd/system-generators/systemd-fstab-generatorroot 534500x80000000000000002147417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.046{ec230001-81c2-6262-2015-024580550000}4402/lib/systemd/system-generators/systemd-system-update-generatorroot 534500x80000000000000002147416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.046{ec230001-81c2-6262-80a4-bbb6de550000}4404/lib/systemd/system-generators/systemd-veritysetup-generatorroot 534500x80000000000000002147415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.046{ec230001-81c2-6262-687c-80b84b560000}4396/lib/systemd/system-generators/systemd-debug-generatorroot 534500x80000000000000002147421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.047{ec230001-81c2-6262-d03e-fe2085550000}4398/lib/systemd/system-generators/systemd-getty-generatorroot 534500x80000000000000002147420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.047{ec230001-81c2-6262-38f3-ebadf4550000}4405/bin/udevadmroot 534500x80000000000000002147419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.047{ec230001-81c2-6262-a042-3928b4550000}4401/lib/systemd/system-generators/systemd-rc-local-generatorroot 534500x80000000000000002147422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.048{ec230001-81c2-6262-98f7-5ff43d560000}4391/lib/netplan/generateroot 534500x80000000000000002147425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.049{ec230001-81c2-6262-7826-6dc304560000}4406/usr/bin/systemd-detect-virtroot 534500x80000000000000002147424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.049{ec230001-81c2-6262-88f4-755656550000}4400/lib/systemd/system-generators/systemd-hibernate-resume-generatorroot 924900x80000000000000002147423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.049{ec230001-81c2-6262-f0eb-788517560000}4399/lib/systemd/system-generators/systemd-gpt-auto-generator/dev/nvme0n1root 154100x80000000000000002147427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.050{ec230001-81c2-6262-6882-3628ae550000}4407/bin/dash-----/bin/sh /usr/lib/cloud-init/ds-identify/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-6862-1f87d2550000}4388/bin/dash/bin/shroot 534500x80000000000000002147426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.050{ec230001-81c2-6262-f0eb-788517560000}4399/lib/systemd/system-generators/systemd-gpt-auto-generatorroot 154100x80000000000000002147429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.053{ec230001-81c2-6262-781f-f0ebf4550000}4408/bin/mkdir-----mkdir -p /run/systemd/generator.early/multi-user.target.wants/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-6862-1f87d2550000}4388/bin/dash/bin/shroot 534500x80000000000000002147428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.053{ec230001-81c2-6262-6882-3628ae550000}4407/bin/dashroot 154100x80000000000000002147431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.054{ec230001-81c2-6262-987d-707956550000}4409/bin/ln-----ln -snf /lib/systemd/system/cloud-init.target /run/systemd/generator.early/multi-user.target.wants/cloud-init.target/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-6862-1f87d2550000}4388/bin/dash/bin/shroot 534500x80000000000000002147430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.054{ec230001-81c2-6262-781f-f0ebf4550000}4408/bin/mkdirroot 534500x80000000000000002147433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.055{ec230001-81c2-6262-6862-1f87d2550000}4388/bin/dashroot 534500x80000000000000002147432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.055{ec230001-81c2-6262-987d-707956550000}4409/bin/lnroot 534500x80000000000000002147434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.067{ec230001-81c2-6262-d85c-4bfdcb550000}4403/lib/systemd/system-generators/systemd-sysv-generatorroot 534500x80000000000000002147435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.069{ec230001-8108-6262-0000-000000000000}4387-root 534500x80000000000000002147436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.170{ec230001-81c1-6262-d0bc-9d85e3550000}4384/bin/systemctlroot 154100x80000000000000002147438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.172{ec230001-81c2-6262-98f7-b9363a560000}4410/usr/bin/perl-----/usr/bin/perl /usr/sbin/update-rc.d apache2 disable/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-81c1-6262-6862-32848f550000}4381/bin/dash/bin/shroot 534500x80000000000000002147437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.172{ec230001-81c1-6262-98e7-878660550000}4383/usr/bin/perlroot 154100x80000000000000002147440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.179{ec230001-81c2-6262-d07c-8e18fd550000}4411/bin/systemctl-----systemctl daemon-reload/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-81c2-6262-98f7-b9363a560000}4410/usr/bin/perl/usr/bin/perlroot 23542300x80000000000000002147439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.179{ec230001-81c2-6262-98f7-b9363a560000}4410root/usr/bin/perl/etc/systemd/system/multi-user.target.wants/apache2.service--- 23542300x80000000000000002147441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.244{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/getty.target.wants/serial-getty@ttyS0.service--- 23542300x80000000000000002147459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunkd.service--- 23542300x80000000000000002147458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/hibagent.service--- 23542300x80000000000000002147457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/apport.service--- 23542300x80000000000000002147456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/apport.service--- 23542300x80000000000000002147455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/grub-common.service--- 23542300x80000000000000002147454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/splunk.service--- 23542300x80000000000000002147453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/apport.service--- 23542300x80000000000000002147452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/grub-common.service--- 23542300x80000000000000002147451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/splunk.service--- 23542300x80000000000000002147450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/grub-common.service--- 23542300x80000000000000002147449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunk.service--- 23542300x80000000000000002147448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.early/multi-user.target.wants/cloud-init.target--- 23542300x80000000000000002147447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/-.mount--- 23542300x80000000000000002147446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.wants/systemd-fsck-root.service--- 23542300x80000000000000002147445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.requires/-.mount--- 23542300x80000000000000002147444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/multi-user.target.wants/systemd-networkd.service--- 23542300x80000000000000002147443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/network-online.target.wants/systemd-networkd-wait-online.service--- 23542300x80000000000000002147442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.245{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/netplan.stamp--- 154100x80000000000000002147460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.246{ec230001-81c2-6262-3823-922639560000}4413/usr/lib/systemd/system-environment-generators/snapd-env-generator-----/usr/lib/systemd/system-environment-generators/snapd-env-generator/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4412--- 534500x80000000000000002147461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.247{ec230001-81c2-6262-3823-922639560000}4413/usr/lib/systemd/system-environment-generators/snapd-env-generatorroot 534500x80000000000000002147462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.248{ec230001-81c2-6262-0000-000000000000}4412-root 154100x80000000000000002147464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.250{ec230001-81c2-6262-6882-ab49ce550000}4415/bin/dash-----/bin/sh /lib/systemd/system-generators/cloud-init-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4414--- 154100x80000000000000002147467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.251{ec230001-81c2-6262-c045-cc0fda550000}4419/lib/systemd/system-generators/snapd-generator-----/lib/systemd/system-generators/snapd-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4414--- 154100x80000000000000002147466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.251{ec230001-81c2-6262-302c-74b5a0550000}4417/lib/systemd/system-generators/lvm2-activation-generator-----/lib/systemd/system-generators/lvm2-activation-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4414--- 154100x80000000000000002147465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.251{ec230001-81c2-6262-9857-839f6a550000}4418/lib/netplan/generate-----/lib/systemd/system-generators/netplan /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4414--- 154100x80000000000000002147463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.251{ec230001-81c2-6262-6872-ced6d8550000}4416/bin/dash-----/bin/sh /lib/systemd/system-generators/friendly-recovery /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4414--- 154100x80000000000000002147484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.252{ec230001-81c2-6262-d0e9-a0bad2550000}4422/bin/cat-----cat /proc/cmdline/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-6872-ced6d8550000}4416/bin/dash/bin/shroot 154100x80000000000000002147479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.252{ec230001-81c2-6262-b89e-5f1fca550000}4420/lib/systemd/system-generators/systemd-cryptsetup-generator-----/lib/systemd/system-generators/systemd-cryptsetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4414--- 154100x80000000000000002147468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.252{ec230001-81c2-6262-688c-b2c67e550000}4421/lib/systemd/system-generators/systemd-debug-generator-----/lib/systemd/system-generators/systemd-debug-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4414--- 154100x80000000000000002147488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.253{ec230001-81c2-6262-d02e-8cb887550000}4425/lib/systemd/system-generators/systemd-getty-generator-----/lib/systemd/system-generators/systemd-getty-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4414--- 154100x80000000000000002147478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.253{ec230001-81c2-6262-f08b-7e3c60550000}4426/lib/systemd/system-generators/systemd-gpt-auto-generator-----/lib/systemd/system-generators/systemd-gpt-auto-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4414--- 154100x80000000000000002147475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.253{ec230001-81c2-6262-88a6-e11f44560000}4423/lib/systemd/system-generators/systemd-fstab-generator-----/lib/systemd/system-generators/systemd-fstab-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4414--- 154100x80000000000000002147469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.253{ec230001-81c2-6262-7806-4d764f560000}4424/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-6882-ab49ce550000}4415/bin/dash/bin/shroot 154100x80000000000000002147493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.254{ec230001-81c2-6262-88b4-dc6468550000}4427/lib/systemd/system-generators/systemd-hibernate-resume-generator-----/lib/systemd/system-generators/systemd-hibernate-resume-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4414--- 154100x80000000000000002147490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.254{ec230001-81c2-6262-a032-5a2877550000}4428/lib/systemd/system-generators/systemd-rc-local-generator-----/lib/systemd/system-generators/systemd-rc-local-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4414--- 154100x80000000000000002147480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.254{ec230001-81c2-6262-2035-c88376550000}4429/lib/systemd/system-generators/systemd-system-update-generator-----/lib/systemd/system-generators/systemd-system-update-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4414--- 154100x80000000000000002147489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.255{ec230001-81c2-6262-8054-6b4f0d560000}4431/lib/systemd/system-generators/systemd-veritysetup-generator-----/lib/systemd/system-generators/systemd-veritysetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4414--- 154100x80000000000000002147476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.255{ec230001-81c2-6262-d86c-7d6ff4550000}4430/lib/systemd/system-generators/systemd-sysv-generator-----/lib/systemd/system-generators/systemd-sysv-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4414--- 23542300x80000000000000002147474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.255{ec230001-81c2-6262-9857-839f6a550000}4418root/lib/netplan/generate/run/NetworkManager/conf.d/netplan.conf--- 23542300x80000000000000002147473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.255{ec230001-81c2-6262-9857-839f6a550000}4418root/lib/netplan/generate//run/udev/rules.d/99-netplan-ens5.rules--- 23542300x80000000000000002147472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.255{ec230001-81c2-6262-9857-839f6a550000}4418root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.network--- 23542300x80000000000000002147471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.255{ec230001-81c2-6262-9857-839f6a550000}4418root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.link--- 534500x80000000000000002147470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.255{ec230001-81c2-6262-c045-cc0fda550000}4419/lib/systemd/system-generators/snapd-generatorroot 154100x80000000000000002147477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.256{ec230001-81c2-6262-3823-e0fbf5550000}4432/bin/udevadm-----/sbin/udevadm control --reload/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-9857-839f6a550000}4418/lib/netplan/generate/lib/systemd/system-generators/netplanroot 534500x80000000000000002147482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.259{ec230001-81c2-6262-3823-e0fbf5550000}4432/bin/udevadmroot 534500x80000000000000002147481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.259{ec230001-81c2-6262-7806-4d764f560000}4424/usr/bin/systemd-detect-virtroot 534500x80000000000000002147483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.260{ec230001-81c2-6262-9857-839f6a550000}4418/lib/netplan/generateroot 534500x80000000000000002147487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.262{ec230001-81c2-6262-688c-b2c67e550000}4421/lib/systemd/system-generators/systemd-debug-generatorroot 534500x80000000000000002147486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.262{ec230001-81c2-6262-6872-ced6d8550000}4416/bin/dashroot 534500x80000000000000002147485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.262{ec230001-81c2-6262-d0e9-a0bad2550000}4422/bin/catroot 154100x80000000000000002147492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.263{ec230001-81c2-6262-7876-c818ef550000}4433/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-6882-ab49ce550000}4415/bin/dash/bin/shroot 534500x80000000000000002147491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.264{ec230001-81c2-6262-302c-74b5a0550000}4417/lib/systemd/system-generators/lvm2-activation-generatorroot 534500x80000000000000002147494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.265{ec230001-81c2-6262-b89e-5f1fca550000}4420/lib/systemd/system-generators/systemd-cryptsetup-generatorroot 534500x80000000000000002147496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.266{ec230001-81c2-6262-2035-c88376550000}4429/lib/systemd/system-generators/systemd-system-update-generatorroot 534500x80000000000000002147495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.266{ec230001-81c2-6262-88a6-e11f44560000}4423/lib/systemd/system-generators/systemd-fstab-generatorroot 534500x80000000000000002147498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.267{ec230001-81c2-6262-d02e-8cb887550000}4425/lib/systemd/system-generators/systemd-getty-generatorroot 534500x80000000000000002147497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.267{ec230001-81c2-6262-8054-6b4f0d560000}4431/lib/systemd/system-generators/systemd-veritysetup-generatorroot 154100x80000000000000002147500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.268{ec230001-81c2-6262-6812-b2be74550000}4434/bin/dash-----/bin/sh /usr/lib/cloud-init/ds-identify/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-6882-ab49ce550000}4415/bin/dash/bin/shroot 534500x80000000000000002147499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.268{ec230001-81c2-6262-7876-c818ef550000}4433/usr/bin/systemd-detect-virtroot 534500x80000000000000002147501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.269{ec230001-81c2-6262-a032-5a2877550000}4428/lib/systemd/system-generators/systemd-rc-local-generatorroot 154100x80000000000000002147504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.270{ec230001-81c2-6262-785f-2ad00d560000}4435/bin/mkdir-----mkdir -p /run/systemd/generator.early/multi-user.target.wants/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-6882-ab49ce550000}4415/bin/dash/bin/shroot 924900x80000000000000002147503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.270{ec230001-81c2-6262-f08b-7e3c60550000}4426/lib/systemd/system-generators/systemd-gpt-auto-generator/dev/nvme0n1root 534500x80000000000000002147502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.270{ec230001-81c2-6262-6812-b2be74550000}4434/bin/dashroot 534500x80000000000000002147505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.271{ec230001-81c2-6262-785f-2ad00d560000}4435/bin/mkdirroot 534500x80000000000000002147508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.272{ec230001-81c2-6262-88b4-dc6468550000}4427/lib/systemd/system-generators/systemd-hibernate-resume-generatorroot 534500x80000000000000002147507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.272{ec230001-81c2-6262-f08b-7e3c60550000}4426/lib/systemd/system-generators/systemd-gpt-auto-generatorroot 154100x80000000000000002147506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.272{ec230001-81c2-6262-989d-d54847560000}4436/bin/ln-----ln -snf /lib/systemd/system/cloud-init.target /run/systemd/generator.early/multi-user.target.wants/cloud-init.target/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-6882-ab49ce550000}4415/bin/dash/bin/shroot 534500x80000000000000002147510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.273{ec230001-81c2-6262-6882-ab49ce550000}4415/bin/dashroot 534500x80000000000000002147509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.273{ec230001-81c2-6262-989d-d54847560000}4436/bin/lnroot 534500x80000000000000002147511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.287{ec230001-81c2-6262-d86c-7d6ff4550000}4430/lib/systemd/system-generators/systemd-sysv-generatorroot 534500x80000000000000002147512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.288{ec230001-81c2-6262-0000-000000000000}4414-root 534500x80000000000000002147513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.405{ec230001-81c2-6262-d07c-8e18fd550000}4411/bin/systemctlroot 534500x80000000000000002147515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.406{ec230001-81c1-6262-6862-32848f550000}4381/bin/dashroot 534500x80000000000000002147514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.406{ec230001-81c2-6262-98f7-b9363a560000}4410/usr/bin/perlroot 23542300x80000000000000002147521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.476{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/network-online.target.wants/systemd-networkd-wait-online.service--- 23542300x80000000000000002147520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.476{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/netplan.stamp--- 23542300x80000000000000002147519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.476{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/-.mount--- 23542300x80000000000000002147518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.476{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.wants/systemd-fsck-root.service--- 23542300x80000000000000002147517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.476{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.requires/-.mount--- 23542300x80000000000000002147516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.476{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/getty.target.wants/serial-getty@ttyS0.service--- 23542300x80000000000000002147534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.477{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunkd.service--- 23542300x80000000000000002147533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.477{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/hibagent.service--- 23542300x80000000000000002147532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.477{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunk.service--- 23542300x80000000000000002147531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.477{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/splunk.service--- 23542300x80000000000000002147530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.477{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/grub-common.service--- 23542300x80000000000000002147529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.477{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/apport.service--- 23542300x80000000000000002147528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.477{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/splunk.service--- 23542300x80000000000000002147527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.477{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/grub-common.service--- 23542300x80000000000000002147526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.477{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/apport.service--- 23542300x80000000000000002147525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.477{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/grub-common.service--- 23542300x80000000000000002147524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.477{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.late/apport.service--- 23542300x80000000000000002147523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.477{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator.early/multi-user.target.wants/cloud-init.target--- 23542300x80000000000000002147522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.477{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/generator/multi-user.target.wants/systemd-networkd.service--- 154100x80000000000000002147535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.478{ec230001-81c2-6262-3893-bb4947560000}4439/usr/lib/systemd/system-environment-generators/snapd-env-generator-----/usr/lib/systemd/system-environment-generators/snapd-env-generator/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4438--- 534500x80000000000000002147536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.479{ec230001-81c2-6262-3893-bb4947560000}4439/usr/lib/systemd/system-environment-generators/snapd-env-generatorroot 534500x80000000000000002147537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.480{ec230001-81c2-6262-0000-000000000000}4438-root 154100x80000000000000002147540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.481{ec230001-81c2-6262-30dc-144a74550000}4443/lib/systemd/system-generators/lvm2-activation-generator-----/lib/systemd/system-generators/lvm2-activation-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4440--- 154100x80000000000000002147539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.481{ec230001-81c2-6262-68b2-c3d3c1550000}4442/bin/dash-----/bin/sh /lib/systemd/system-generators/friendly-recovery /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4440--- 154100x80000000000000002147538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.481{ec230001-81c2-6262-6822-781b9c550000}4441/bin/dash-----/bin/sh /lib/systemd/system-generators/cloud-init-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4440--- 154100x80000000000000002147546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.482{ec230001-81c2-6262-7856-d57ddb550000}4447/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-6822-781b9c550000}4441/bin/dash/bin/shroot 154100x80000000000000002147544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.482{ec230001-81c2-6262-687c-ef8866550000}4448/lib/systemd/system-generators/systemd-debug-generator-----/lib/systemd/system-generators/systemd-debug-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4440--- 154100x80000000000000002147543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.482{ec230001-81c2-6262-b8be-11d851560000}4446/lib/systemd/system-generators/systemd-cryptsetup-generator-----/lib/systemd/system-generators/systemd-cryptsetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4440--- 154100x80000000000000002147542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.482{ec230001-81c2-6262-c0b5-afaf46560000}4445/lib/systemd/system-generators/snapd-generator-----/lib/systemd/system-generators/snapd-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4440--- 154100x80000000000000002147541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.482{ec230001-81c2-6262-9897-f1525b550000}4444/lib/netplan/generate-----/lib/systemd/system-generators/netplan /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4440--- 154100x80000000000000002147566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.483{ec230001-81c2-6262-d0ee-227d2a560000}4450/lib/systemd/system-generators/systemd-getty-generator-----/lib/systemd/system-generators/systemd-getty-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4440--- 154100x80000000000000002147555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.483{ec230001-81c2-6262-f03b-e9ee9b550000}4452/lib/systemd/system-generators/systemd-gpt-auto-generator-----/lib/systemd/system-generators/systemd-gpt-auto-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4440--- 154100x80000000000000002147548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.483{ec230001-81c2-6262-d0a9-feea45560000}4451/bin/cat-----cat /proc/cmdline/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-68b2-c3d3c1550000}4442/bin/dash/bin/shroot 154100x80000000000000002147547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.483{ec230001-81c2-6262-88c6-d68dcb550000}4449/lib/systemd/system-generators/systemd-fstab-generator-----/lib/systemd/system-generators/systemd-fstab-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4440--- 534500x80000000000000002147545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.483{ec230001-81c2-6262-c0b5-afaf46560000}4445/lib/systemd/system-generators/snapd-generatorroot 154100x80000000000000002147577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.484{ec230001-81c2-6262-a092-0303a5550000}4454/lib/systemd/system-generators/systemd-rc-local-generator-----/lib/systemd/system-generators/systemd-rc-local-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4440--- 154100x80000000000000002147573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.484{ec230001-81c2-6262-2095-e2f293550000}4455/lib/systemd/system-generators/systemd-system-update-generator-----/lib/systemd/system-generators/systemd-system-update-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4440--- 154100x80000000000000002147554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.484{ec230001-81c2-6262-8834-2f42f9550000}4453/lib/systemd/system-generators/systemd-hibernate-resume-generator-----/lib/systemd/system-generators/systemd-hibernate-resume-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4440--- 154100x80000000000000002147560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.485{ec230001-81c2-6262-8034-1ed257550000}4457/lib/systemd/system-generators/systemd-veritysetup-generator-----/lib/systemd/system-generators/systemd-veritysetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4440--- 154100x80000000000000002147557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.485{ec230001-81c2-6262-d88c-001418560000}4456/lib/systemd/system-generators/systemd-sysv-generator-----/lib/systemd/system-generators/systemd-sysv-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4440--- 23542300x80000000000000002147552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.485{ec230001-81c2-6262-9897-f1525b550000}4444root/lib/netplan/generate/run/NetworkManager/conf.d/netplan.conf--- 23542300x80000000000000002147551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.485{ec230001-81c2-6262-9897-f1525b550000}4444root/lib/netplan/generate//run/udev/rules.d/99-netplan-ens5.rules--- 23542300x80000000000000002147550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.485{ec230001-81c2-6262-9897-f1525b550000}4444root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.network--- 23542300x80000000000000002147549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.485{ec230001-81c2-6262-9897-f1525b550000}4444root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.link--- 154100x80000000000000002147556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.486{ec230001-81c2-6262-3833-5476c6550000}4458/bin/udevadm-----/sbin/udevadm control --reload/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-9897-f1525b550000}4444/lib/netplan/generate/lib/systemd/system-generators/netplanroot 534500x80000000000000002147553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.486{ec230001-81c2-6262-30dc-144a74550000}4443/lib/systemd/system-generators/lvm2-activation-generatorroot 534500x80000000000000002147559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.487{ec230001-81c2-6262-7856-d57ddb550000}4447/usr/bin/systemd-detect-virtroot 534500x80000000000000002147558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.487{ec230001-81c2-6262-687c-ef8866550000}4448/lib/systemd/system-generators/systemd-debug-generatorroot 534500x80000000000000002147565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.488{ec230001-81c2-6262-b8be-11d851560000}4446/lib/systemd/system-generators/systemd-cryptsetup-generatorroot 154100x80000000000000002147564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.488{ec230001-81c2-6262-7886-4c99b1550000}4459/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-6822-781b9c550000}4441/bin/dash/bin/shroot 534500x80000000000000002147563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.488{ec230001-81c2-6262-d0a9-feea45560000}4451/bin/catroot 534500x80000000000000002147562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.488{ec230001-81c2-6262-88c6-d68dcb550000}4449/lib/systemd/system-generators/systemd-fstab-generatorroot 534500x80000000000000002147561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.488{ec230001-81c2-6262-68b2-c3d3c1550000}4442/bin/dashroot 534500x80000000000000002147568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.490{ec230001-81c2-6262-3833-5476c6550000}4458/bin/udevadmroot 924900x80000000000000002147567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.490{ec230001-81c2-6262-f03b-e9ee9b550000}4452/lib/systemd/system-generators/systemd-gpt-auto-generator/dev/nvme0n1root 154100x80000000000000002147575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.491{ec230001-81c2-6262-6862-c58b46560000}4460/bin/dash-----/bin/sh /usr/lib/cloud-init/ds-identify/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-6822-781b9c550000}4441/bin/dash/bin/shroot 534500x80000000000000002147571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.491{ec230001-81c2-6262-8834-2f42f9550000}4453/lib/systemd/system-generators/systemd-hibernate-resume-generatorroot 534500x80000000000000002147570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.491{ec230001-81c2-6262-8034-1ed257550000}4457/lib/systemd/system-generators/systemd-veritysetup-generatorroot 534500x80000000000000002147569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.491{ec230001-81c2-6262-7886-4c99b1550000}4459/usr/bin/systemd-detect-virtroot 534500x80000000000000002147574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.492{ec230001-81c2-6262-f03b-e9ee9b550000}4452/lib/systemd/system-generators/systemd-gpt-auto-generatorroot 534500x80000000000000002147572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.492{ec230001-81c2-6262-9897-f1525b550000}4444/lib/netplan/generateroot 534500x80000000000000002147576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.493{ec230001-81c2-6262-d0ee-227d2a560000}4450/lib/systemd/system-generators/systemd-getty-generatorroot 534500x80000000000000002147579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.495{ec230001-81c2-6262-6862-c58b46560000}4460/bin/dashroot 534500x80000000000000002147578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.495{ec230001-81c2-6262-2095-e2f293550000}4455/lib/systemd/system-generators/systemd-system-update-generatorroot 154100x80000000000000002147580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.496{ec230001-81c2-6262-785f-867385550000}4461/bin/mkdir-----mkdir -p /run/systemd/generator.early/multi-user.target.wants/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-6822-781b9c550000}4441/bin/dash/bin/shroot 154100x80000000000000002147582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.497{ec230001-81c2-6262-98ad-180801560000}4462/bin/ln-----ln -snf /lib/systemd/system/cloud-init.target /run/systemd/generator.early/multi-user.target.wants/cloud-init.target/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81c2-6262-6822-781b9c550000}4441/bin/dash/bin/shroot 534500x80000000000000002147581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.497{ec230001-81c2-6262-785f-867385550000}4461/bin/mkdirroot 534500x80000000000000002147584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.498{ec230001-81c2-6262-98ad-180801560000}4462/bin/lnroot 534500x80000000000000002147583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.498{ec230001-81c2-6262-a092-0303a5550000}4454/lib/systemd/system-generators/systemd-rc-local-generatorroot 534500x80000000000000002147585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.499{ec230001-81c2-6262-6822-781b9c550000}4441/bin/dashroot 534500x80000000000000002147586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.516{ec230001-81c2-6262-d88c-001418560000}4456/lib/systemd/system-generators/systemd-sysv-generatorroot 534500x80000000000000002147587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.517{ec230001-81c2-6262-0000-000000000000}4440-root 534500x80000000000000002147588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.615{ec230001-81c1-6262-d0dc-b9e65e550000}4380/bin/systemctlroot 534500x80000000000000002147589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:54.616{ec230001-81c1-6262-080e-52a833560000}4379/usr/bin/sudoroot 534500x80000000000000002147590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:55.517{ec230001-60ec-6262-c89a-4e13d6550000}462/lib/systemd/systemd-journaldroot 354300x80000000000000002147591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:21:56.361{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36662-false10.0.1.12-8000- 23542300x80000000000000002147592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:01.002{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002147593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:01.367{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36664-false10.0.1.12-8000- 154100x80000000000000002147594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.437{ec230001-81ca-6262-080e-df3626560000}4464/usr/bin/sudo-----sudo systemctl stop apache2/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-643a-6262-08d4-9f8d0f560000}1965/bin/bash-bashubuntu 354300x80000000000000002147596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.440{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-51615-false10.0.0.2-53- 354300x80000000000000002147595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.440{ec230001-81ca-6262-080e-df3626560000}4464/usr/bin/sudoubuntuudptruefalse127.0.0.1-34999-false127.0.0.53-53- 354300x80000000000000002147600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.441{ec230001-81ca-6262-080e-df3626560000}4464/usr/bin/sudoubuntuudptruefalse127.0.0.1-48471-false127.0.0.53-53- 354300x80000000000000002147599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.441{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-48471- 354300x80000000000000002147598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.441{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-34999- 354300x80000000000000002147597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.441{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-42527-false10.0.0.2-53- 154100x80000000000000002147601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.444{ec230001-81ca-6262-d08c-ca9d94550000}4465/bin/systemctl-----systemctl stop apache2/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-81ca-6262-080e-df3626560000}4464/usr/bin/sudosudoubuntu 154100x80000000000000002147602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.447{ec230001-81ca-6262-5806-f45354560000}4466/bin/systemd-tty-ask-password-agent-----/bin/systemd-tty-ask-password-agent --watch/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-81ca-6262-d08c-ca9d94550000}4465/bin/systemctlsystemctlroot 154100x80000000000000002147603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.450{ec230001-81ca-6262-68b2-e97de8550000}4467/bin/dash-----/bin/sh /usr/sbin/apachectl stop/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-60e5-6262-5899-087003560000}1/lib/systemd/systemd/sbin/initroot 534500x80000000000000002147605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.453{ec230001-81ca-6262-107e-21726e550000}4468/usr/bin/idroot 154100x80000000000000002147604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.453{ec230001-81ca-6262-107e-21726e550000}4468/usr/bin/id-----id -u/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81ca-6262-68b2-e97de8550000}4467/bin/dash/bin/shroot 154100x80000000000000002147606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.454{ec230001-81ca-6262-6849-61f20d560000}4469/usr/sbin/apache2-----/usr/sbin/apache2 -k stop/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81ca-6262-68b2-e97de8550000}4467/bin/dash/bin/shroot 354300x80000000000000002147609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.514{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-49040-false10.0.0.2-53- 354300x80000000000000002147608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.514{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-40868-false10.0.0.2-53- 354300x80000000000000002147607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.514{ec230001-81ca-6262-6849-61f20d560000}4469/usr/sbin/apache2rootudptruefalse127.0.0.1-36656-false127.0.0.53-53- 354300x80000000000000002147612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.515{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-52082- 354300x80000000000000002147611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.515{ec230001-81ca-6262-6849-61f20d560000}4469/usr/sbin/apache2rootudptruefalse127.0.0.1-52082-false127.0.0.53-53- 354300x80000000000000002147610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.515{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-36656- 354300x80000000000000002147614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.516{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-41644-false10.0.0.2-53- 354300x80000000000000002147613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.516{ec230001-81ca-6262-6849-61f20d560000}4469/usr/sbin/apache2rootudptruefalse127.0.0.1-51364-false127.0.0.53-53- 534500x80000000000000002147640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 354300x80000000000000002147615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.517{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-51364- 534500x80000000000000002147668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.518{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.519{ec230001-8060-6262-68e9-b8824e560000}3616/usr/sbin/apache2www-data 534500x80000000000000002147663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.519{ec230001-8060-6262-68e9-b8824e560000}3615/usr/sbin/apache2www-data 534500x80000000000000002147670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.528{ec230001-81ca-6262-6849-61f20d560000}4469/usr/sbin/apache2root 23542300x80000000000000002147672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.529{ec230001-60ec-6262-c89a-4e13d6550000}462root/lib/systemd/systemd-journald/run/systemd/journal/streams/9:40241--- 534500x80000000000000002147671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.529{ec230001-81ca-6262-68b2-e97de8550000}4467/bin/dashroot 23542300x80000000000000002147673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.530{ec230001-8060-6262-68e9-b8824e560000}3613root/usr/sbin/apache2/var/run/apache2/apache2.pid--- 534500x80000000000000002147674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.541{ec230001-8060-6262-68e9-b8824e560000}3613/usr/sbin/apache2root 534500x80000000000000002147677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.542{ec230001-60e5-6262-5899-087003560000}1/lib/systemd/systemdroot 534500x80000000000000002147676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.542{ec230001-60e5-6262-5899-087003560000}1/lib/systemd/systemdroot 23542300x80000000000000002147675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.542{ec230001-60e5-6262-5899-087003560000}1root/lib/systemd/systemd/run/systemd/units/invocation:apache2.service--- 534500x80000000000000002147679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.547{ec230001-81ca-6262-d08c-ca9d94550000}4465/bin/systemctlroot 534500x80000000000000002147678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.547{ec230001-81ca-6262-5806-f45354560000}4466/bin/systemd-tty-ask-password-agentroot 534500x80000000000000002147680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.548{ec230001-81ca-6262-080e-df3626560000}4464/usr/bin/sudoroot 23542300x80000000000000002147681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.600{ec230001-60ec-6262-f8ed-f0827b550000}478root/lib/systemd/systemd-udevd/run/udev/queue--- 23542300x80000000000000002147682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.601{ec230001-60ec-6262-f8ed-f0827b550000}478root/lib/systemd/systemd-udevd/run/udev/queue--- 23542300x80000000000000002147683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.602{ec230001-60ec-6262-f8ed-f0827b550000}478root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000002147692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.603{00000000-0000-0000-0000-000000000000}4479<unknown process>root 534500x80000000000000002147691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.603{00000000-0000-0000-0000-000000000000}4480<unknown process>root 534500x80000000000000002147690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.603{00000000-0000-0000-0000-000000000000}4474<unknown process>root 534500x80000000000000002147689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.603{00000000-0000-0000-0000-000000000000}4475<unknown process>root 534500x80000000000000002147688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.603{00000000-0000-0000-0000-000000000000}4478<unknown process>root 534500x80000000000000002147687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.603{ec230001-81ca-6262-0000-000000000000}4473-root 534500x80000000000000002147686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.603{00000000-0000-0000-0000-000000000000}4477<unknown process>root 534500x80000000000000002147685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.603{ec230001-81ca-6262-0000-000000000000}4476-root 23542300x80000000000000002147684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.603{ec230001-60ec-6262-f8ed-f0827b550000}478root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000002147695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.630{00000000-0000-0000-0000-000000000000}4482<unknown process>root 534500x80000000000000002147694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.630{00000000-0000-0000-0000-000000000000}4483<unknown process>root 23542300x80000000000000002147693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:02.630{ec230001-60ec-6262-f8ed-f0827b550000}478root/lib/systemd/systemd-udevd/run/udev/queue--- 354300x80000000000000002147696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:07.337{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36666-false10.0.1.12-8000- 154100x80000000000000002147697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:11.808{ec230001-81d3-6262-08be-e13c30560000}4484/usr/bin/sudo-----sudo systemctl status apache2/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-643a-6262-08d4-9f8d0f560000}1965/bin/bash-bashubuntu 354300x80000000000000002147698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:11.811{ec230001-81d3-6262-08be-e13c30560000}4484/usr/bin/sudoubuntuudptruefalse127.0.0.1-40678-false127.0.0.53-53- 354300x80000000000000002147701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:11.812{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-40678- 354300x80000000000000002147700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:11.812{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-60384-false10.0.0.2-53- 354300x80000000000000002147699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:11.812{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-53399-false10.0.0.2-53- 354300x80000000000000002147704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:11.813{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-51870- 354300x80000000000000002147703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:11.813{ec230001-81d3-6262-08be-e13c30560000}4484/usr/bin/sudoubuntuudptruefalse127.0.0.1-51870-false127.0.0.53-53- 354300x80000000000000002147702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:11.813{ec230001-81d3-6262-08be-e13c30560000}4484/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-51870- 154100x80000000000000002147705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:11.816{ec230001-81d3-6262-d04c-c1bab7550000}4485/bin/systemctl-----systemctl status apache2/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-81d3-6262-08be-e13c30560000}4484/usr/bin/sudosudoubuntu 154100x80000000000000002147706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:11.819{ec230001-81d3-6262-10f8-733fd4550000}4486/bin/less-----pager/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-81d3-6262-d04c-c1bab7550000}4485/bin/systemctlsystemctlroot 534500x80000000000000002147707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:11.831{ec230001-81d3-6262-10f8-733fd4550000}4486/bin/lessroot 534500x80000000000000002147709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:11.832{ec230001-81d3-6262-08be-e13c30560000}4484/usr/bin/sudoroot 534500x80000000000000002147708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:11.832{ec230001-81d3-6262-d04c-c1bab7550000}4485/bin/systemctlroot 354300x80000000000000002147710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:13.307{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36668-false10.0.1.12-8000- 154100x80000000000000002147711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.072{ec230001-81da-6262-68f4-3a3bba550000}4487/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002147712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.083{ec230001-81da-6262-68f4-3a3bba550000}4487/bin/psroot 354300x80000000000000002147713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.322{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36670-false10.0.1.12-8000- 154100x80000000000000002147714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.659{ec230001-81da-6262-084e-47e4f4550000}4488/usr/bin/sudo-----sudo systemctl restart apache2/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-643a-6262-08d4-9f8d0f560000}1965/bin/bash-bashubuntu 354300x80000000000000002147717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.663{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-60208-false10.0.0.2-53- 354300x80000000000000002147716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.663{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-52390-false10.0.0.2-53- 354300x80000000000000002147715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.663{ec230001-81da-6262-084e-47e4f4550000}4488/usr/bin/sudoubuntuudptruefalse127.0.0.1-38587-false127.0.0.53-53- 354300x80000000000000002147719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.664{ec230001-81da-6262-084e-47e4f4550000}4488/usr/bin/sudoubuntuudptruefalse127.0.0.1-33109-false127.0.0.53-53- 354300x80000000000000002147718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.664{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-38587- 354300x80000000000000002147720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.665{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-33109- 154100x80000000000000002147721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.667{ec230001-81da-6262-d05c-789cd4550000}4489/bin/systemctl-----systemctl restart apache2/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-81da-6262-084e-47e4f4550000}4488/usr/bin/sudosudoubuntu 154100x80000000000000002147722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.677{ec230001-81da-6262-5886-b5cce5550000}4490/bin/systemd-tty-ask-password-agent-----/bin/systemd-tty-ask-password-agent --watch/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-81da-6262-d05c-789cd4550000}4489/bin/systemctlsystemctlroot 154100x80000000000000002147723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.682{ec230001-81da-6262-68a2-dc3525560000}4491/bin/dash-----/bin/sh /usr/sbin/apachectl start/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1--- 154100x80000000000000002147724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.686{ec230001-81da-6262-107e-10ada6550000}4493/usr/bin/id-----id -u/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81da-6262-68a2-dc3525560000}4491/bin/dash/bin/shroot 154100x80000000000000002147726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.688{ec230001-81da-6262-7093-006cd3550000}4496/bin/rm-----rm -f /var/run/apache2/*ssl_scache*/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81da-6262-68a2-dc3525560000}4491/bin/dash/bin/shroot 534500x80000000000000002147725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.688{ec230001-81da-6262-107e-10ada6550000}4493/usr/bin/idroot 154100x80000000000000002147728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.689{ec230001-81da-6262-68b9-6a9386550000}4498/usr/sbin/apache2-----/usr/sbin/apache2 -k start/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{ec230001-81da-6262-68a2-dc3525560000}4491/bin/dash/bin/shroot 534500x80000000000000002147727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.689{ec230001-81da-6262-7093-006cd3550000}4496/bin/rmroot 23542300x80000000000000002147729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.700{ec230001-60ec-6262-f8ed-f0827b550000}478root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000002147730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.701{ec230001-81da-6262-0000-000000000000}4501-root 534500x80000000000000002147732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.702{ec230001-81da-6262-0000-000000000000}4505-root 534500x80000000000000002147731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.702{ec230001-81da-6262-0000-000000000000}4499-root 534500x80000000000000002147735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.703{ec230001-81da-6262-0000-000000000000}4495-root 534500x80000000000000002147734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.703{00000000-0000-0000-0000-000000000000}4503<unknown process>root 534500x80000000000000002147733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.703{ec230001-81da-6262-0000-000000000000}4500-root 534500x80000000000000002147740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.712{ec230001-81da-6262-0000-000000000000}4492-root 534500x80000000000000002147739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.712{00000000-0000-0000-0000-000000000000}4504<unknown process>root 534500x80000000000000002147738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.712{00000000-0000-0000-0000-000000000000}4502<unknown process>root 534500x80000000000000002147737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.712{00000000-0000-0000-0000-000000000000}4494<unknown process>root 534500x80000000000000002147736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.712{ec230001-81da-6262-0000-000000000000}4497-root 534500x80000000000000002147743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.744{00000000-0000-0000-0000-000000000000}4508<unknown process>root 534500x80000000000000002147742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.744{00000000-0000-0000-0000-000000000000}4506<unknown process>root 23542300x80000000000000002147741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.744{ec230001-60ec-6262-f8ed-f0827b550000}478root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000002147751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.746{00000000-0000-0000-0000-000000000000}4507<unknown process>root 354300x80000000000000002147749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.746{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-59202- 354300x80000000000000002147748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.746{ec230001-81da-6262-68b9-6a9386550000}4498/usr/sbin/apache2rootudptruefalse127.0.0.1-59202-false127.0.0.53-53- 354300x80000000000000002147747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.746{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-58799- 354300x80000000000000002147746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.746{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-48224-false10.0.0.2-53- 354300x80000000000000002147745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.746{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-60307-false10.0.0.2-53- 354300x80000000000000002147744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.746{ec230001-81da-6262-68b9-6a9386550000}4498/usr/sbin/apache2rootudptruefalse127.0.0.1-58799-false127.0.0.53-53- 354300x80000000000000002147753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.747{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-45176- 354300x80000000000000002147750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.747{ec230001-81da-6262-68b9-6a9386550000}4498/usr/sbin/apache2rootudptruefalse127.0.0.1-45176-false127.0.0.53-53- 23542300x80000000000000002147754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.748{ec230001-60ec-6262-f8ed-f0827b550000}478root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000002147752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.748{ec230001-81da-6262-0000-000000000000}4509-root 534500x80000000000000002147755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.751{ec230001-81da-6262-0000-000000000000}4510-root 23542300x80000000000000002147761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.752{ec230001-60ec-6262-c89a-4e13d6550000}462root/lib/systemd/systemd-journald/run/systemd/journal/streams/9:39240--- 354300x80000000000000002147760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.752{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-41356-false10.0.0.2-53- 354300x80000000000000002147759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.752{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-58165-false10.0.0.2-53- 354300x80000000000000002147758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.752{ec230001-81da-6262-68b9-6a9386550000}4511/usr/sbin/apache2-udptruefalse127.0.0.1-59936-false127.0.0.53-53- 534500x80000000000000002147757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.752{ec230001-81da-6262-68a2-dc3525560000}4491/bin/dashroot 534500x80000000000000002147756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.752{ec230001-81da-6262-68b9-6a9386550000}4498/usr/sbin/apache2root 354300x80000000000000002147764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.753{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-36907- 354300x80000000000000002147763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.753{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-59936- 354300x80000000000000002147762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.753{ec230001-81da-6262-68b9-6a9386550000}4511/usr/sbin/apache2rootudptruefalse127.0.0.1-36907-false127.0.0.53-53- 354300x80000000000000002147766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.754{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-50473- 354300x80000000000000002147765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.754{ec230001-81da-6262-68b9-6a9386550000}4511/usr/sbin/apache2rootudptruefalse127.0.0.1-50473-false127.0.0.53-53- 534500x80000000000000002147767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.755{ec230001-81da-6262-5886-b5cce5550000}4490/bin/systemd-tty-ask-password-agentroot 534500x80000000000000002147768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.757{ec230001-81da-6262-d05c-789cd4550000}4489/bin/systemctlroot 534500x80000000000000002147769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.758{ec230001-81da-6262-68b9-6a9386550000}4512/usr/sbin/apache2www-data 534500x80000000000000002147770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.759{ec230001-81da-6262-68b9-6a9386550000}4514/usr/sbin/apache2www-data 534500x80000000000000002147771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.760{ec230001-81da-6262-084e-47e4f4550000}4488/usr/bin/sudoroot 534500x80000000000000002147774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.764{ec230001-81da-6262-0000-000000000000}4518-root 534500x80000000000000002147773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.764{ec230001-81da-6262-0000-000000000000}4515-root 23542300x80000000000000002147772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.764{ec230001-60ec-6262-f8ed-f0827b550000}478root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000002147776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.768{00000000-0000-0000-0000-000000000000}4535<unknown process>root 534500x80000000000000002147775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:18.768{ec230001-81da-6262-0000-000000000000}4513-root 354300x80000000000000002147777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:23.372{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36672-false10.0.1.12-8000- 354300x80000000000000002147778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:29.269{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36674-false10.0.1.12-8000- 23542300x80000000000000002147779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:22:31.002{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log---