354300x80000000000000002143497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:12:34.470{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36422-false10.0.1.12-8000- 354300x80000000000000002143498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:12:40.335{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36424-false10.0.1.12-8000- 354300x80000000000000002143499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:12:45.338{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36426-false10.0.1.12-8000- 354300x80000000000000002143500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:12:46.740{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-39412-false10.0.1.12-8089- 354300x80000000000000002143501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:12:50.344{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36430-false10.0.1.12-8000- 354300x80000000000000002143502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:12:56.249{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36432-false10.0.1.12-8000- 23542300x80000000000000002143503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:00.857{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002143504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:01.344{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36434-false10.0.1.12-8000- 354300x80000000000000002143505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:06.396{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36436-false10.0.1.12-8000- 154100x80000000000000002143506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:08.685{ec230001-7fb4-6262-6824-0b7863550000}2715/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002143507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:08.695{ec230001-7fb4-6262-6824-0b7863550000}2715/bin/psroot 354300x80000000000000002143508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:11.436{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36438-false10.0.1.12-8000- 354300x80000000000000002143509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:16.439{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36440-false10.0.1.12-8000- 354300x80000000000000002143510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:22.274{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36442-false10.0.1.12-8000- 354300x80000000000000002143511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:27.380{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36444-false10.0.1.12-8000- 23542300x80000000000000002143512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:31.004{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002143513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:33.269{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36446-false10.0.1.12-8000- 354300x80000000000000002143514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:38.310{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36448-false10.0.1.12-8000- 354300x80000000000000002143515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:43.477{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36450-false10.0.1.12-8000- 354300x80000000000000002143516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:46.745{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-39436-false10.0.1.12-8089- 354300x80000000000000002143517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:49.348{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36454-false10.0.1.12-8000- 354300x80000000000000002143518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:13:55.264{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36456-false10.0.1.12-8000- 23542300x80000000000000002143519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:01.003{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002143520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:01.240{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36458-false10.0.1.12-8000- 354300x80000000000000002143521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:06.353{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36460-false10.0.1.12-8000- 154100x80000000000000002143522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:09.740{ec230001-7ff1-6262-6804-60284f560000}2716/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002143523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:09.751{ec230001-7ff1-6262-6804-60284f560000}2716/bin/psroot 354300x80000000000000002143524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:11.382{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36462-false10.0.1.12-8000- 354300x80000000000000002143525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:16.400{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36464-false10.0.1.12-8000- 354300x80000000000000002143526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:22.298{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36466-false10.0.1.12-8000- 354300x80000000000000002143527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:27.365{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36468-false10.0.1.12-8000- 23542300x80000000000000002143528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:31.003{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002143529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:32.469{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36470-false10.0.1.12-8000- 354300x80000000000000002143530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:38.315{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36472-false10.0.1.12-8000- 354300x80000000000000002143531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:44.314{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36474-false10.0.1.12-8000- 354300x80000000000000002143532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:46.751{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-39460-false10.0.1.12-8089- 354300x80000000000000002143533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:49.333{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36478-false10.0.1.12-8000- 354300x80000000000000002143534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:14:54.456{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36480-false10.0.1.12-8000- 354300x80000000000000002143535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:00.297{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36482-false10.0.1.12-8000- 23542300x80000000000000002143536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:01.004{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002143537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:05.471{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36484-false10.0.1.12-8000- 154100x80000000000000002143538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:10.752{ec230001-802e-6262-6804-1986c2550000}2717/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002143539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:10.764{ec230001-802e-6262-6804-1986c2550000}2717/bin/psroot 354300x80000000000000002143540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:11.279{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36486-false10.0.1.12-8000- 354300x80000000000000002143541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:16.436{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36488-false10.0.1.12-8000- 354300x80000000000000002143542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:22.290{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36490-false10.0.1.12-8000- 354300x80000000000000002143543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:27.333{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36492-false10.0.1.12-8000- 23542300x80000000000000002143544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:31.004{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002143545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:33.263{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36494-false10.0.1.12-8000- 354300x80000000000000002143546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:38.330{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36496-false10.0.1.12-8000- 154100x80000000000000002143547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.388{ec230001-804e-6262-089e-d6743b560000}2718/usr/bin/sudo-----sudo apt update/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-643a-6262-08d4-9f8d0f560000}1965/bin/bash-bashubuntu 354300x80000000000000002143551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.392{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-47767-false10.0.0.2-53- 354300x80000000000000002143550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.392{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-56909-false10.0.0.2-53- 354300x80000000000000002143549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.392{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse0.0.0.0-0-false127.0.0.53-53- 354300x80000000000000002143548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.392{ec230001-804e-6262-089e-d6743b560000}2718/usr/bin/sudoubuntuudptruefalse127.0.0.1-45689-false127.0.0.53-53- 354300x80000000000000002143554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.393{ec230001-804e-6262-089e-d6743b560000}2718/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-45689- 354300x80000000000000002143553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.393{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-45689- 354300x80000000000000002143552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.393{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse10.0.0.2-53-false10.0.1.20-47767- 354300x80000000000000002143556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.415{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-37983- 354300x80000000000000002143555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.415{ec230001-804e-6262-089e-d6743b560000}2718/usr/bin/sudoubuntuudptruefalse127.0.0.1-37983-false127.0.0.53-53- 154100x80000000000000002143557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.418{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/apt-----apt update/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-089e-d6743b560000}2718/usr/bin/sudosudoubuntu 154100x80000000000000002143558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.423{ec230001-804e-6262-7091-0e14d1550000}2720/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 23542300x80000000000000002143560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.426{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.cKvqXo--- 534500x80000000000000002143559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.426{ec230001-804e-6262-7091-0e14d1550000}2720/usr/bin/dpkgroot 23542300x80000000000000002143561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.431{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.5SxTSr--- 23542300x80000000000000002143562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.435{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.y633Ou--- 23542300x80000000000000002143563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.437{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.7SAwLx--- 23542300x80000000000000002143564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.438{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.iD0dIA--- 23542300x80000000000000002143565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.443{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.FI3HFD--- 23542300x80000000000000002143566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.445{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.66osDG--- 23542300x80000000000000002143567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.449{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.jtbXBJ--- 23542300x80000000000000002143568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.451{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.Yx9HAM--- 23542300x80000000000000002143569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.452{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.FnmJzP--- 23542300x80000000000000002143570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.453{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.UIcXyS--- 23542300x80000000000000002143571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.455{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.7LVnyV--- 23542300x80000000000000002143572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.456{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.KVI1xY--- 23542300x80000000000000002143573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.457{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.xRaWx1--- 23542300x80000000000000002143574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.460{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.ag3cy4--- 23542300x80000000000000002143575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.461{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.bPZIy7--- 23542300x80000000000000002143576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.463{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.cqVuza--- 154100x80000000000000002143577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.464{ec230001-804e-6262-b983-f3526d550000}2721/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 154100x80000000000000002143579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.473{ec230001-804e-6262-b953-1d86f4550000}2722/usr/lib/apt/methods/http-----/usr/lib/apt/methods/https/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 534500x80000000000000002143578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.473{ec230001-804e-6262-b983-f3526d550000}2721/usr/lib/apt/methods/httproot 154100x80000000000000002143586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.479{ec230001-804e-6262-b953-13cb7e550000}2723/usr/lib/apt/methods/http-----/usr/lib/apt/methods/https/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 23542300x80000000000000002143585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.479{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/.apt-acquire-privs-test.vGvcRp--- 23542300x80000000000000002143584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.479{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/.apt-acquire-privs-test.IniENm--- 23542300x80000000000000002143583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.479{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/.apt-acquire-privs-test.LDo6Jj--- 23542300x80000000000000002143582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.479{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/.apt-acquire-privs-test.oYNyGg--- 23542300x80000000000000002143581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.479{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/.apt-acquire-privs-test.Rzy1Cd--- 534500x80000000000000002143580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.479{ec230001-804e-6262-b953-1d86f4550000}2722/usr/lib/apt/methods/httproot 154100x80000000000000002143587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.485{ec230001-804e-6262-b973-0fb02e560000}2724/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 23542300x80000000000000002143588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.486{ec230001-60ec-6262-f8ed-f0827b550000}478root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000002143589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.487{ec230001-804e-6262-0000-000000000000}2725-root 154100x80000000000000002143590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.491{ec230001-804e-6262-b983-606faf550000}2726/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 354300x80000000000000002143596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.498{ec230001-804e-6262-b953-13cb7e550000}2723/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-58179-false127.0.0.53-53- 354300x80000000000000002143595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.498{ec230001-804e-6262-b973-0fb02e560000}2724/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-51814-false127.0.0.53-53- 354300x80000000000000002143593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.498{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-58105-false10.0.0.2-53- 354300x80000000000000002143592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.498{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-41745-false10.0.0.2-53- 354300x80000000000000002143591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.498{ec230001-804e-6262-b983-606faf550000}2726/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-33656-false127.0.0.53-53- 354300x80000000000000002143594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.499{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-36806-false10.0.0.2-53- 354300x80000000000000002143598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.500{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-51814- 354300x80000000000000002143597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.500{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-33656- 354300x80000000000000002143604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.501{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-58371-false10.0.0.2-53- 354300x80000000000000002143603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.501{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-46231-false10.0.0.2-53- 354300x80000000000000002143602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.501{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-47331-false10.0.0.2-53- 354300x80000000000000002143601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.501{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-45137-false10.0.0.2-53- 354300x80000000000000002143600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.501{ec230001-804e-6262-b983-606faf550000}2726/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-57544-false127.0.0.53-53- 354300x80000000000000002143599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.501{ec230001-804e-6262-b973-0fb02e560000}2724/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-43980-false127.0.0.53-53- 354300x80000000000000002143606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.503{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-57544- 354300x80000000000000002143605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.503{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-43980- 354300x80000000000000002143607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.504{ec230001-804e-6262-b983-606faf550000}2726/usr/lib/apt/methods/httproottcptruefalse10.0.1.20-49556-false52.15.102.108-80- 154100x80000000000000002143608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.507{ec230001-804e-6262-60ba-fe4bbf550000}2727/usr/lib/apt/methods/gpgv-----/usr/lib/apt/methods/gpgv/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 534500x80000000000000002143610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.512{ec230001-804e-6262-60ba-fe4bbf550000}2727/usr/lib/apt/methods/gpgvroot 354300x80000000000000002143609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.512{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse10.0.0.2-53-false10.0.1.20-36806- 154100x80000000000000002143613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.513{ec230001-804e-6262-60ea-87805b550000}2728/usr/lib/apt/methods/gpgv-----/usr/lib/apt/methods/gpgv/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 354300x80000000000000002143612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.513{ec230001-804e-6262-b953-13cb7e550000}2723/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-60758-false127.0.0.53-53- 354300x80000000000000002143611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.513{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-58179- 354300x80000000000000002143615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.514{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-34603-false10.0.0.2-53- 354300x80000000000000002143614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.514{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-59510-false10.0.0.2-53- 354300x80000000000000002143616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.527{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-60758- 154100x80000000000000002143617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.533{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash-----/bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.5bxI7z /tmp/apt.data.8d3ThD/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2729--- 534500x80000000000000002143619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.536{00000000-0000-0000-0000-000000000000}2731<unknown process>_apt 354300x80000000000000002143618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.536{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-47112-false10.0.0.2-53- 154100x80000000000000002143620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.537{ec230001-804e-6262-7304-b8c921560000}2732/usr/bin/apt-config-----apt-config shell MASTER_KEYRING APT::Key::MasterKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 154100x80000000000000002143621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.541{ec230001-804e-6262-70f1-c5f464550000}2733/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7304-b8c921560000}2732/usr/bin/apt-configapt-config_apt 534500x80000000000000002143623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.544{ec230001-804e-6262-7304-b8c921560000}2732/usr/bin/apt-config_apt 534500x80000000000000002143622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.544{ec230001-804e-6262-70f1-c5f464550000}2733/usr/bin/dpkg_apt 154100x80000000000000002143624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.545{ec230001-804e-6262-7314-31eaeb550000}2734/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 154100x80000000000000002143626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.549{ec230001-804e-6262-7041-2d34a0550000}2735/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7314-31eaeb550000}2734/usr/bin/apt-configapt-config_apt 354300x80000000000000002143625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.549{ec230001-804e-6262-b953-13cb7e550000}2723/usr/lib/apt/methods/httproottcptruefalse10.0.1.20-34868-false13.90.56.68-443- 534500x80000000000000002143627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.554{ec230001-804e-6262-7041-2d34a0550000}2735/usr/bin/dpkg_apt 154100x80000000000000002143629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.555{ec230001-804e-6262-7314-5399ac550000}2736/usr/bin/apt-config-----apt-config shell REMOVED_KEYS APT::Key::RemovedKeys/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.555{ec230001-804e-6262-7314-31eaeb550000}2734/usr/bin/apt-config_apt 154100x80000000000000002143630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.560{ec230001-804e-6262-70b1-ce76ac550000}2737/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7314-5399ac550000}2736/usr/bin/apt-configapt-config_apt 534500x80000000000000002143631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.562{ec230001-804e-6262-70b1-ce76ac550000}2737/usr/bin/dpkg_apt 154100x80000000000000002143633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.563{ec230001-804e-6262-7304-55a4f5550000}2738/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.563{ec230001-804e-6262-7314-5399ac550000}2736/usr/bin/apt-config_apt 154100x80000000000000002143634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.569{ec230001-804e-6262-70c1-08fafb550000}2739/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7304-55a4f5550000}2738/usr/bin/apt-configapt-config_apt 534500x80000000000000002143635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.571{ec230001-804e-6262-70c1-08fafb550000}2739/usr/bin/dpkg_apt 534500x80000000000000002143636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.573{ec230001-804e-6262-7304-55a4f5550000}2738/usr/bin/apt-config_apt 154100x80000000000000002143637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.576{ec230001-804e-6262-7324-ebea1e560000}2740/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 154100x80000000000000002143638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.583{ec230001-804e-6262-7021-070fd8550000}2741/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7324-ebea1e560000}2740/usr/bin/apt-configapt-config_apt 534500x80000000000000002143639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.585{ec230001-804e-6262-7021-070fd8550000}2741/usr/bin/dpkg_apt 534500x80000000000000002143640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.586{ec230001-804e-6262-7324-ebea1e560000}2740/usr/bin/apt-config_apt 154100x80000000000000002143641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.587{ec230001-804e-6262-73d4-def108560000}2742/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 354300x80000000000000002143642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.588{ec230001-804e-6262-b973-0fb02e560000}2724/usr/lib/apt/methods/httproottcptruefalse10.0.1.20-55588-false185.125.190.39-80- 154100x80000000000000002143643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.596{ec230001-804e-6262-70e1-4f5d4d560000}2743/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73d4-def108560000}2742/usr/bin/apt-configapt-config_apt 534500x80000000000000002143644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.597{ec230001-804e-6262-70e1-4f5d4d560000}2743/usr/bin/dpkg_apt 534500x80000000000000002143646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.598{ec230001-804e-6262-0000-000000000000}2744-_apt 534500x80000000000000002143645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.598{ec230001-804e-6262-73d4-def108560000}2742/usr/bin/apt-config_apt 154100x80000000000000002143647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.599{ec230001-804e-6262-7304-10debb550000}2745/usr/bin/apt-config-----apt-config shell GPGV Apt::Key::gpgvcommand/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 154100x80000000000000002143648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.609{ec230001-804e-6262-70a1-56df96550000}2746/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7304-10debb550000}2745/usr/bin/apt-configapt-config_apt 534500x80000000000000002143650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.611{ec230001-804e-6262-7304-10debb550000}2745/usr/bin/apt-config_apt 534500x80000000000000002143649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.611{ec230001-804e-6262-70a1-56df96550000}2746/usr/bin/dpkg_apt 154100x80000000000000002143651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.612{ec230001-804e-6262-a850-e38534560000}2747/bin/mktemp-----mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 154100x80000000000000002143653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.613{ec230001-804e-6262-e0f1-7cd995550000}2748/bin/chmod-----chmod 700 /tmp/apt-key-gpghome.N1QYtwIK3O/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.613{ec230001-804e-6262-a850-e38534560000}2747/bin/mktemp_apt 154100x80000000000000002143655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.614{ec230001-804e-6262-c0e5-8e18e0550000}2749/bin/readlink-----readlink -f /tmp/apt-key-gpghome.N1QYtwIK3O/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.614{ec230001-804e-6262-e0f1-7cd995550000}2748/bin/chmod_apt 154100x80000000000000002143657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.615{ec230001-804e-6262-7033-2f490b560000}2750/bin/rm-----rm -f /tmp/apt-key-gpghome.N1QYtwIK3O/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.615{ec230001-804e-6262-c0e5-8e18e0550000}2749/bin/readlink_apt 154100x80000000000000002143659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.619{ec230001-804e-6262-1080-0e8402560000}2751/bin/touch-----touch /tmp/apt-key-gpghome.N1QYtwIK3O/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.619{ec230001-804e-6262-7033-2f490b560000}2750/bin/rm_apt 534500x80000000000000002143660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.620{ec230001-804e-6262-1080-0e8402560000}2751/bin/touch_apt 154100x80000000000000002143661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.621{ec230001-804e-6262-7364-634a4f560000}2752/usr/bin/apt-config-----apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 154100x80000000000000002143662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.626{ec230001-804e-6262-7011-660f73550000}2753/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7364-634a4f560000}2752/usr/bin/apt-configapt-config_apt 534500x80000000000000002143664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.628{ec230001-804e-6262-7364-634a4f560000}2752/usr/bin/apt-config_apt 534500x80000000000000002143663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.628{ec230001-804e-6262-7011-660f73550000}2753/usr/bin/dpkg_apt 534500x80000000000000002143666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.629{ec230001-804e-6262-c065-b71a13560000}2754/bin/readlink_apt 154100x80000000000000002143665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.629{ec230001-804e-6262-c065-b71a13560000}2754/bin/readlink-----readlink -f /etc/apt/trusted.gpg.d//home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 154100x80000000000000002143667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.630{ec230001-804e-6262-90d0-964d96550000}2755/usr/bin/find-----find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 ( -name *.gpg -o -name *.asc )/_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.631{ec230001-804e-6262-90d0-964d96550000}2755/usr/bin/find_apt 154100x80000000000000002143670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.632{ec230001-804e-6262-18ca-f31a46560000}2758/usr/bin/sort-----sort/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2756--- 534500x80000000000000002143669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.632{00000000-0000-0000-0000-000000000000}2757<unknown process>_apt 154100x80000000000000002143674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.633{ec230001-804e-6262-487e-f11b64550000}2760/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.633{00000000-0000-0000-0000-000000000000}2759<unknown process>_apt 534500x80000000000000002143672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.633{00000000-0000-0000-0000-000000000000}2756<unknown process>_apt 534500x80000000000000002143671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.633{ec230001-804e-6262-18ca-f31a46560000}2758/usr/bin/sort_apt 534500x80000000000000002143675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.634{ec230001-804e-6262-487e-f11b64550000}2760/usr/bin/cmp_apt 154100x80000000000000002143677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.635{ec230001-804e-6262-d029-050602560000}2762/bin/cat-----cat /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.635{00000000-0000-0000-0000-000000000000}2761<unknown process>_apt 154100x80000000000000002143680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.636{ec230001-804e-6262-48de-9c99a9550000}2764/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.636{00000000-0000-0000-0000-000000000000}2763<unknown process>_apt 534500x80000000000000002143678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.636{ec230001-804e-6262-d029-050602560000}2762/bin/cat_apt 534500x80000000000000002143681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.637{ec230001-804e-6262-48de-9c99a9550000}2764/usr/bin/cmp_apt 534500x80000000000000002143684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.638{ec230001-804e-6262-d069-0509f4550000}2766/bin/cat_apt 154100x80000000000000002143683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.638{ec230001-804e-6262-d069-0509f4550000}2766/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.638{ec230001-804e-6262-0000-000000000000}2765-_apt 154100x80000000000000002143686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.639{ec230001-804e-6262-486e-e22567550000}2768/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.639{00000000-0000-0000-0000-000000000000}2767<unknown process>_apt 534500x80000000000000002143687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.640{ec230001-804e-6262-486e-e22567550000}2768/usr/bin/cmp_apt 154100x80000000000000002143689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.641{ec230001-804e-6262-d089-9e19eb550000}2770/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.641{00000000-0000-0000-0000-000000000000}2769<unknown process>_apt 154100x80000000000000002143692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.642{ec230001-804e-6262-48ce-1f3a02560000}2772/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.642{ec230001-804e-6262-d089-9e19eb550000}2770/bin/cat_apt 534500x80000000000000002143691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.643{00000000-0000-0000-0000-000000000000}2771<unknown process>_apt 154100x80000000000000002143695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.644{ec230001-804e-6262-d0b9-067e4c560000}2774/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.644{ec230001-804e-6262-0000-000000000000}2773-_apt 534500x80000000000000002143693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.644{ec230001-804e-6262-48ce-1f3a02560000}2772/usr/bin/cmp_apt 154100x80000000000000002143697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.645{ec230001-804e-6262-982a-a43e80550000}2775/bin/cp-----cp -a /tmp/apt-key-gpghome.N1QYtwIK3O/pubring.gpg /tmp/apt-key-gpghome.N1QYtwIK3O/pubring.orig.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.645{ec230001-804e-6262-d0b9-067e4c560000}2774/bin/cat_apt 154100x80000000000000002143700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.652{ec230001-804e-6262-f84a-2ac76b550000}2778/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2776--- 534500x80000000000000002143699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.652{ec230001-804e-6262-0000-000000000000}2777-_apt 534500x80000000000000002143698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.652{ec230001-804e-6262-982a-a43e80550000}2775/bin/cp_apt 154100x80000000000000002143704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.654{ec230001-804e-6262-f8aa-8231f8550000}2781/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2779--- 534500x80000000000000002143703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.654{00000000-0000-0000-0000-000000000000}2780<unknown process>_apt 534500x80000000000000002143702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.654{00000000-0000-0000-0000-000000000000}2776<unknown process>_apt 534500x80000000000000002143701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.654{ec230001-804e-6262-f84a-2ac76b550000}2778/bin/sed_apt 154100x80000000000000002143707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.655{ec230001-804e-6262-789e-3cef24560000}2782/usr/bin/gpgv-----gpgv --homedir /tmp/apt-key-gpghome.N1QYtwIK3O --keyring /tmp/apt-key-gpghome.N1QYtwIK3O/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.5bxI7z /tmp/apt.data.8d3ThD/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.655{00000000-0000-0000-0000-000000000000}2779<unknown process>_apt 534500x80000000000000002143705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.655{ec230001-804e-6262-f8aa-8231f8550000}2781/bin/sed_apt 154100x80000000000000002143709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.665{ec230001-804e-6262-b00f-373d8d550000}2783/usr/bin/gpgconf-----gpgconf --kill all/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.665{ec230001-804e-6262-789e-3cef24560000}2782/usr/bin/gpgv_apt 154100x80000000000000002143710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.666{ec230001-804e-6262-30c8-477bee550000}2784/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart KILLAGENT/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b00f-373d8d550000}2783/usr/bin/gpgconfgpgconf_apt 154100x80000000000000002143712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.669{ec230001-804e-6262-3088-092a04560000}2785/usr/bin/gpg-connect-agent-----gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd killscd /end/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b00f-373d8d550000}2783/usr/bin/gpgconfgpgconf_apt 534500x80000000000000002143711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.669{ec230001-804e-6262-30c8-477bee550000}2784/usr/bin/gpg-connect-agent_apt 534500x80000000000000002143713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.670{ec230001-804e-6262-3088-092a04560000}2785/usr/bin/gpg-connect-agent_apt 154100x80000000000000002143714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.671{ec230001-804e-6262-30a8-41918f550000}2786/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b00f-373d8d550000}2783/usr/bin/gpgconfgpgconf_apt 154100x80000000000000002143717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.672{ec230001-804e-6262-7003-6b01c3550000}2787/bin/rm-----rm -rf /tmp/apt-key-gpghome.N1QYtwIK3O/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash/bin/sh_apt 534500x80000000000000002143716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.672{ec230001-804e-6262-b00f-373d8d550000}2783/usr/bin/gpgconf_apt 534500x80000000000000002143715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.672{ec230001-804e-6262-30a8-41918f550000}2786/usr/bin/gpg-connect-agent_apt 23542300x80000000000000002143725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.673{ec230001-804e-6262-60ea-87805b550000}2729_apt/usr/lib/apt/methods/gpgv/tmp/apt.sig.5bxI7z--- 23542300x80000000000000002143724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.673{ec230001-804e-6262-60ea-87805b550000}2729_apt/usr/lib/apt/methods/gpgv/tmp/apt.data.8d3ThD--- 23542300x80000000000000002143723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.673{ec230001-804e-6262-60ea-87805b550000}2729_apt/usr/lib/apt/methods/gpgv/tmp/apt.conf.w5bxXw--- 534500x80000000000000002143722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.673{ec230001-804e-6262-6852-3b93ab550000}2730/bin/dash_apt 534500x80000000000000002143721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.673{ec230001-804e-6262-7003-6b01c3550000}2787/bin/rm_apt 23542300x80000000000000002143720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.673{ec230001-804e-6262-7003-6b01c3550000}2787_apt/bin/rm/tmp/apt-key-gpghome.N1QYtwIK3O/pubring.gpg--- 23542300x80000000000000002143719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.673{ec230001-804e-6262-7003-6b01c3550000}2787_apt/bin/rm/tmp/apt-key-gpghome.N1QYtwIK3O/pubring.orig.gpg--- 23542300x80000000000000002143718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.673{ec230001-804e-6262-7003-6b01c3550000}2787_apt/bin/rm/tmp/apt-key-gpghome.N1QYtwIK3O/gpg.1.sh--- 23542300x80000000000000002143727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.674{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.GpIMrt--- 534500x80000000000000002143726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.674{ec230001-804e-6262-60ea-87805b550000}2729/usr/lib/apt/methods/gpgv_apt 534500x80000000000000002143729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.682{00000000-0000-0000-0000-000000000000}2788<unknown process>root 23542300x80000000000000002143728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.682{ec230001-60ec-6262-f8ed-f0827b550000}478root/lib/systemd/systemd-udevd/run/udev/queue--- 154100x80000000000000002143730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.687{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash-----/bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.DCb9IM /tmp/apt.data.McZTkQ/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2789--- 154100x80000000000000002143732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.688{ec230001-804e-6262-7324-bce73c560000}2792/usr/bin/apt-config-----apt-config shell MASTER_KEYRING APT::Key::MasterKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.688{00000000-0000-0000-0000-000000000000}2791<unknown process>_apt 154100x80000000000000002143733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.692{ec230001-804e-6262-7091-9ea63b560000}2793/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7324-bce73c560000}2792/usr/bin/apt-configapt-config_apt 154100x80000000000000002143736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.695{ec230001-804e-6262-7374-b48b8f550000}2794/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.695{ec230001-804e-6262-7324-bce73c560000}2792/usr/bin/apt-config_apt 534500x80000000000000002143734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.695{ec230001-804e-6262-7091-9ea63b560000}2793/usr/bin/dpkg_apt 154100x80000000000000002143737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.700{ec230001-804e-6262-70b1-154e64550000}2795/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7374-b48b8f550000}2794/usr/bin/apt-configapt-config_apt 534500x80000000000000002143738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.702{ec230001-804e-6262-70b1-154e64550000}2795/usr/bin/dpkg_apt 154100x80000000000000002143740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.703{ec230001-804e-6262-7384-bd00bc550000}2796/usr/bin/apt-config-----apt-config shell REMOVED_KEYS APT::Key::RemovedKeys/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.703{ec230001-804e-6262-7374-b48b8f550000}2794/usr/bin/apt-config_apt 154100x80000000000000002143741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.707{ec230001-804e-6262-7091-6c490b560000}2797/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7384-bd00bc550000}2796/usr/bin/apt-configapt-config_apt 534500x80000000000000002143742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.709{ec230001-804e-6262-7091-6c490b560000}2797/usr/bin/dpkg_apt 154100x80000000000000002143744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.710{ec230001-804e-6262-7304-34b7d0550000}2798/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.710{ec230001-804e-6262-7384-bd00bc550000}2796/usr/bin/apt-config_apt 154100x80000000000000002143745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.716{ec230001-804e-6262-7041-7aad8f550000}2799/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7304-34b7d0550000}2798/usr/bin/apt-configapt-config_apt 534500x80000000000000002143746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.718{ec230001-804e-6262-7041-7aad8f550000}2799/usr/bin/dpkg_apt 534500x80000000000000002143747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.721{ec230001-804e-6262-7304-34b7d0550000}2798/usr/bin/apt-config_apt 154100x80000000000000002143748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.722{ec230001-804e-6262-7394-b3293a560000}2800/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 154100x80000000000000002143749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.726{ec230001-804e-6262-7051-cde454560000}2801/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7394-b3293a560000}2800/usr/bin/apt-configapt-config_apt 534500x80000000000000002143750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.729{ec230001-804e-6262-7051-cde454560000}2801/usr/bin/dpkg_apt 534500x80000000000000002143751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.730{ec230001-804e-6262-7394-b3293a560000}2800/usr/bin/apt-config_apt 154100x80000000000000002143752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.731{ec230001-804e-6262-73c4-d421a1550000}2802/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 154100x80000000000000002143753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.736{ec230001-804e-6262-70b1-0c822b560000}2803/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73c4-d421a1550000}2802/usr/bin/apt-configapt-config_apt 534500x80000000000000002143756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.738{ec230001-804e-6262-60ea-87805b550000}2804-_apt 534500x80000000000000002143755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.738{ec230001-804e-6262-73c4-d421a1550000}2802/usr/bin/apt-config_apt 534500x80000000000000002143754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.738{ec230001-804e-6262-70b1-0c822b560000}2803/usr/bin/dpkg_apt 154100x80000000000000002143757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.739{ec230001-804e-6262-7394-e90590550000}2805/usr/bin/apt-config-----apt-config shell GPGV Apt::Key::gpgvcommand/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 154100x80000000000000002143758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.744{ec230001-804e-6262-70d1-d37a7f550000}2806/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7394-e90590550000}2805/usr/bin/apt-configapt-config_apt 534500x80000000000000002143759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.746{ec230001-804e-6262-70d1-d37a7f550000}2806/usr/bin/dpkg_apt 154100x80000000000000002143761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.747{ec230001-804e-6262-a8f0-e5fdcb550000}2807/bin/mktemp-----mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.747{ec230001-804e-6262-7394-e90590550000}2805/usr/bin/apt-config_apt 154100x80000000000000002143763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.748{ec230001-804e-6262-e0f1-38da0f560000}2808/bin/chmod-----chmod 700 /tmp/apt-key-gpghome.wbypAABFIG/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.748{ec230001-804e-6262-a8f0-e5fdcb550000}2807/bin/mktemp_apt 154100x80000000000000002143765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.749{ec230001-804e-6262-c0b5-1f26b3550000}2809/bin/readlink-----readlink -f /tmp/apt-key-gpghome.wbypAABFIG/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.749{ec230001-804e-6262-e0f1-38da0f560000}2808/bin/chmod_apt 154100x80000000000000002143769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.750{ec230001-804e-6262-1050-cb8957550000}2811/bin/touch-----touch /tmp/apt-key-gpghome.wbypAABFIG/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.750{ec230001-804e-6262-7083-ca8f1f560000}2810/bin/rm_apt 154100x80000000000000002143767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.750{ec230001-804e-6262-7083-ca8f1f560000}2810/bin/rm-----rm -f /tmp/apt-key-gpghome.wbypAABFIG/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.750{ec230001-804e-6262-c0b5-1f26b3550000}2809/bin/readlink_apt 154100x80000000000000002143771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.751{ec230001-804e-6262-73e4-ca3aa5550000}2812/usr/bin/apt-config-----apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.751{ec230001-804e-6262-1050-cb8957550000}2811/bin/touch_apt 154100x80000000000000002143772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.756{ec230001-804e-6262-70e1-4b1460550000}2813/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73e4-ca3aa5550000}2812/usr/bin/apt-configapt-config_apt 534500x80000000000000002143773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.758{ec230001-804e-6262-70e1-4b1460550000}2813/usr/bin/dpkg_apt 154100x80000000000000002143775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.759{ec230001-804e-6262-c0b5-956d58550000}2814/bin/readlink-----readlink -f /etc/apt/trusted.gpg.d//home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.759{ec230001-804e-6262-73e4-ca3aa5550000}2812/usr/bin/apt-config_apt 154100x80000000000000002143777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.760{ec230001-804e-6262-90b0-62374a560000}2815/usr/bin/find-----find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 ( -name *.gpg -o -name *.asc )/_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.760{ec230001-804e-6262-c0b5-956d58550000}2814/bin/readlink_apt 534500x80000000000000002143778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.761{ec230001-804e-6262-90b0-62374a560000}2815/usr/bin/find_apt 154100x80000000000000002143780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.762{ec230001-804e-6262-185a-45bbdc550000}2818/usr/bin/sort-----sort/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2816--- 534500x80000000000000002143779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.762{00000000-0000-0000-0000-000000000000}2817<unknown process>_apt 154100x80000000000000002143784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.763{ec230001-804e-6262-48ee-1bef8b550000}2820/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.763{00000000-0000-0000-0000-000000000000}2819<unknown process>_apt 534500x80000000000000002143782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.763{ec230001-804e-6262-60ea-87805b550000}2816-_apt 534500x80000000000000002143781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.763{ec230001-804e-6262-185a-45bbdc550000}2818/usr/bin/sort_apt 154100x80000000000000002143787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.764{ec230001-804e-6262-d0f9-4e0ad3550000}2822/bin/cat-----cat /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.764{ec230001-804e-6262-60ea-87805b550000}2821-_apt 534500x80000000000000002143785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.764{ec230001-804e-6262-48ee-1bef8b550000}2820/usr/bin/cmp_apt 154100x80000000000000002143790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.765{ec230001-804e-6262-481e-d62d35560000}2824/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.765{ec230001-804e-6262-d0f9-4e0ad3550000}2822/bin/cat_apt 534500x80000000000000002143791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.766{ec230001-804e-6262-481e-d62d35560000}2824/usr/bin/cmp_apt 534500x80000000000000002143789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.766{00000000-0000-0000-0000-000000000000}2823<unknown process>_apt 154100x80000000000000002143793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.767{ec230001-804e-6262-d0b9-9af0f6550000}2826/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.767{ec230001-804e-6262-60ea-87805b550000}2825-_apt 154100x80000000000000002143796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.768{ec230001-804e-6262-482e-b04d41560000}2828/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.768{00000000-0000-0000-0000-000000000000}2827<unknown process>_apt 534500x80000000000000002143794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.768{ec230001-804e-6262-d0b9-9af0f6550000}2826/bin/cat_apt 154100x80000000000000002143799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.769{ec230001-804e-6262-d099-40e655550000}2830/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.769{ec230001-804e-6262-60ea-87805b550000}2829-_apt 534500x80000000000000002143797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.769{ec230001-804e-6262-482e-b04d41560000}2828/usr/bin/cmp_apt 154100x80000000000000002143802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.770{ec230001-804e-6262-486e-725ba8550000}2832/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.770{ec230001-804e-6262-0000-000000000000}2831-_apt 534500x80000000000000002143800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.770{ec230001-804e-6262-d099-40e655550000}2830/bin/cat_apt 154100x80000000000000002143805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.771{ec230001-804e-6262-d059-d517b4550000}2834/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.771{ec230001-804e-6262-0000-000000000000}2833-_apt 534500x80000000000000002143803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.771{ec230001-804e-6262-486e-725ba8550000}2832/usr/bin/cmp_apt 154100x80000000000000002143807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.773{ec230001-804e-6262-988a-72b323560000}2835/bin/cp-----cp -a /tmp/apt-key-gpghome.wbypAABFIG/pubring.gpg /tmp/apt-key-gpghome.wbypAABFIG/pubring.orig.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.773{ec230001-804e-6262-d059-d517b4550000}2834/bin/cat_apt 154100x80000000000000002143810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.775{ec230001-804e-6262-f80a-acfcb8550000}2838/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2836--- 534500x80000000000000002143809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.775{00000000-0000-0000-0000-000000000000}2837<unknown process>_apt 534500x80000000000000002143808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.775{ec230001-804e-6262-988a-72b323560000}2835/bin/cp_apt 154100x80000000000000002143814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.777{ec230001-804e-6262-f82a-e75a59550000}2841/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2839--- 534500x80000000000000002143812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.777{00000000-0000-0000-0000-000000000000}2836<unknown process>_apt 534500x80000000000000002143811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.777{ec230001-804e-6262-f80a-acfcb8550000}2838/bin/sed_apt 534500x80000000000000002143813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.778{00000000-0000-0000-0000-000000000000}2840<unknown process>_apt 154100x80000000000000002143817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.779{ec230001-804e-6262-789e-178435560000}2842/usr/bin/gpgv-----gpgv --homedir /tmp/apt-key-gpghome.wbypAABFIG --keyring /tmp/apt-key-gpghome.wbypAABFIG/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.DCb9IM /tmp/apt.data.McZTkQ/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.779{00000000-0000-0000-0000-000000000000}2839<unknown process>_apt 534500x80000000000000002143815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.779{ec230001-804e-6262-f82a-e75a59550000}2841/bin/sed_apt 154100x80000000000000002143819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.783{ec230001-804e-6262-b03f-f72db1550000}2843/usr/bin/gpgconf-----gpgconf --kill all/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.783{ec230001-804e-6262-789e-178435560000}2842/usr/bin/gpgv_apt 154100x80000000000000002143820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.784{ec230001-804e-6262-30c8-ff940d560000}2844/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart KILLAGENT/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b03f-f72db1550000}2843/usr/bin/gpgconfgpgconf_apt 154100x80000000000000002143822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.786{ec230001-804e-6262-3048-2930b0550000}2845/usr/bin/gpg-connect-agent-----gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd killscd /end/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b03f-f72db1550000}2843/usr/bin/gpgconfgpgconf_apt 534500x80000000000000002143821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.786{ec230001-804e-6262-30c8-ff940d560000}2844/usr/bin/gpg-connect-agent_apt 154100x80000000000000002143824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.787{ec230001-804e-6262-30f8-1f9d45560000}2846/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b03f-f72db1550000}2843/usr/bin/gpgconfgpgconf_apt 534500x80000000000000002143823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.787{ec230001-804e-6262-3048-2930b0550000}2845/usr/bin/gpg-connect-agent_apt 154100x80000000000000002143827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.789{ec230001-804e-6262-7043-4ae795550000}2847/bin/rm-----rm -rf /tmp/apt-key-gpghome.wbypAABFIG/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash/bin/sh_apt 534500x80000000000000002143826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.789{ec230001-804e-6262-b03f-f72db1550000}2843/usr/bin/gpgconf_apt 534500x80000000000000002143825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.789{ec230001-804e-6262-30f8-1f9d45560000}2846/usr/bin/gpg-connect-agent_apt 23542300x80000000000000002143835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.790{ec230001-804e-6262-60ea-87805b550000}2789_apt/usr/lib/apt/methods/gpgv/tmp/apt.sig.DCb9IM--- 23542300x80000000000000002143834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.790{ec230001-804e-6262-60ea-87805b550000}2789_apt/usr/lib/apt/methods/gpgv/tmp/apt.data.McZTkQ--- 23542300x80000000000000002143833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.790{ec230001-804e-6262-60ea-87805b550000}2789_apt/usr/lib/apt/methods/gpgv/tmp/apt.conf.EqDo7I--- 534500x80000000000000002143832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.790{ec230001-804e-6262-68b2-08db43560000}2790/bin/dash_apt 534500x80000000000000002143831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.790{ec230001-804e-6262-7043-4ae795550000}2847/bin/rm_apt 23542300x80000000000000002143830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.790{ec230001-804e-6262-7043-4ae795550000}2847_apt/bin/rm/tmp/apt-key-gpghome.wbypAABFIG/pubring.gpg--- 23542300x80000000000000002143829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.790{ec230001-804e-6262-7043-4ae795550000}2847_apt/bin/rm/tmp/apt-key-gpghome.wbypAABFIG/pubring.orig.gpg--- 23542300x80000000000000002143828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.790{ec230001-804e-6262-7043-4ae795550000}2847_apt/bin/rm/tmp/apt-key-gpghome.wbypAABFIG/gpg.1.sh--- 23542300x80000000000000002143837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.791{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.f9Fbmx--- 534500x80000000000000002143836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.791{ec230001-804e-6262-60ea-87805b550000}2789/usr/lib/apt/methods/gpgv_apt 23542300x80000000000000002143838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.793{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.co5UgB--- 154100x80000000000000002143839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.801{ec230001-804e-6262-6892-129335560000}2849/bin/dash-----/bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.ngwuXX /tmp/apt.data.baxJS1/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2848--- 534500x80000000000000002143840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.806{ec230001-804e-6262-0000-000000000000}2850-_apt 154100x80000000000000002143841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.807{ec230001-804e-6262-7314-52c398550000}2851/usr/bin/apt-config-----apt-config shell MASTER_KEYRING APT::Key::MasterKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 154100x80000000000000002143842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.812{ec230001-804e-6262-7031-7c4afd550000}2852/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7314-52c398550000}2851/usr/bin/apt-configapt-config_apt 534500x80000000000000002143843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.814{ec230001-804e-6262-7031-7c4afd550000}2852/usr/bin/dpkg_apt 154100x80000000000000002143845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.815{ec230001-804e-6262-73f4-1b6805560000}2853/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.815{ec230001-804e-6262-7314-52c398550000}2851/usr/bin/apt-config_apt 154100x80000000000000002143846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.820{ec230001-804e-6262-70b1-e02a9f550000}2854/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73f4-1b6805560000}2853/usr/bin/apt-configapt-config_apt 154100x80000000000000002143849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.822{ec230001-804e-6262-7344-5e2aad550000}2855/usr/bin/apt-config-----apt-config shell REMOVED_KEYS APT::Key::RemovedKeys/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.822{ec230001-804e-6262-73f4-1b6805560000}2853/usr/bin/apt-config_apt 534500x80000000000000002143847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.822{ec230001-804e-6262-70b1-e02a9f550000}2854/usr/bin/dpkg_apt 154100x80000000000000002143850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.829{ec230001-804e-6262-7031-49013a560000}2856/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7344-5e2aad550000}2855/usr/bin/apt-configapt-config_apt 534500x80000000000000002143851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.831{ec230001-804e-6262-7031-49013a560000}2856/usr/bin/dpkg_apt 154100x80000000000000002143853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.832{ec230001-804e-6262-73a4-da7c83550000}2857/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.832{ec230001-804e-6262-7344-5e2aad550000}2855/usr/bin/apt-config_apt 154100x80000000000000002143854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.836{ec230001-804e-6262-7021-727272550000}2858/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73a4-da7c83550000}2857/usr/bin/apt-configapt-config_apt 534500x80000000000000002143855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.839{ec230001-804e-6262-7021-727272550000}2858/usr/bin/dpkg_apt 154100x80000000000000002143857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.840{ec230001-804e-6262-7384-098793550000}2859/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.840{ec230001-804e-6262-73a4-da7c83550000}2857/usr/bin/apt-config_apt 154100x80000000000000002143859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.845{ec230001-804e-6262-8915-2a0ffc550000}2861/usr/lib/apt/methods/store-----/usr/lib/apt/methods/store/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 154100x80000000000000002143858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.845{ec230001-804e-6262-7071-4521ef550000}2860/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7384-098793550000}2859/usr/bin/apt-configapt-config_apt 154100x80000000000000002143862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.847{ec230001-804e-6262-7344-b33dc7550000}2862/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.847{ec230001-804e-6262-7384-098793550000}2859/usr/bin/apt-config_apt 534500x80000000000000002143860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.847{ec230001-804e-6262-7071-4521ef550000}2860/usr/bin/dpkg_apt 154100x80000000000000002143864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.849{ec230001-804e-6262-8965-0e7ce9550000}2863/usr/lib/apt/methods/store-----/usr/lib/apt/methods/store/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 534500x80000000000000002143863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.849{ec230001-804e-6262-8915-2a0ffc550000}2861/usr/lib/apt/methods/storeroot 154100x80000000000000002143865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.853{ec230001-804e-6262-70f1-fac237560000}2864/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7344-b33dc7550000}2862/usr/bin/apt-configapt-config_apt 534500x80000000000000002143867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.856{ec230001-804e-6262-7344-b33dc7550000}2862/usr/bin/apt-config_apt 534500x80000000000000002143866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.856{ec230001-804e-6262-70f1-fac237560000}2864/usr/bin/dpkg_apt 154100x80000000000000002143869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.857{ec230001-804e-6262-7354-1c83dc550000}2866/usr/bin/apt-config-----apt-config shell GPGV Apt::Key::gpgvcommand/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.857{ec230001-804e-6262-0000-000000000000}2865-_apt 154100x80000000000000002143870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.862{ec230001-804e-6262-7021-0c7265550000}2867/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7354-1c83dc550000}2866/usr/bin/apt-configapt-config_apt 534500x80000000000000002143871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.863{ec230001-804e-6262-7021-0c7265550000}2867/usr/bin/dpkg_apt 154100x80000000000000002143873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.864{ec230001-804e-6262-a8b0-539379550000}2868/bin/mktemp-----mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.864{ec230001-804e-6262-7354-1c83dc550000}2866/usr/bin/apt-config_apt 154100x80000000000000002143875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.865{ec230001-804e-6262-e061-503985550000}2869/bin/chmod-----chmod 700 /tmp/apt-key-gpghome.M5BY5OUQ5C/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.865{ec230001-804e-6262-a8b0-539379550000}2868/bin/mktemp_apt 154100x80000000000000002143877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.866{ec230001-804e-6262-c0c5-fe1f8b550000}2870/bin/readlink-----readlink -f /tmp/apt-key-gpghome.M5BY5OUQ5C/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.866{ec230001-804e-6262-e061-503985550000}2869/bin/chmod_apt 154100x80000000000000002143879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.867{ec230001-804e-6262-70e3-13523d560000}2871/bin/rm-----rm -f /tmp/apt-key-gpghome.M5BY5OUQ5C/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.867{ec230001-804e-6262-c0c5-fe1f8b550000}2870/bin/readlink_apt 154100x80000000000000002143881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.868{ec230001-804e-6262-1020-017ce1550000}2872/bin/touch-----touch /tmp/apt-key-gpghome.M5BY5OUQ5C/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.868{ec230001-804e-6262-70e3-13523d560000}2871/bin/rm_apt 154100x80000000000000002143883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.869{ec230001-804e-6262-73a4-6b8c50560000}2873/usr/bin/apt-config-----apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.869{ec230001-804e-6262-1020-017ce1550000}2872/bin/touch_apt 154100x80000000000000002143884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.874{ec230001-804e-6262-7011-3bedd0550000}2874/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73a4-6b8c50560000}2873/usr/bin/apt-configapt-config_apt 534500x80000000000000002143885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.876{ec230001-804e-6262-7011-3bedd0550000}2874/usr/bin/dpkg_apt 154100x80000000000000002143887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.877{ec230001-804e-6262-c005-da9bbf550000}2875/bin/readlink-----readlink -f /etc/apt/trusted.gpg.d//home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.877{ec230001-804e-6262-73a4-6b8c50560000}2873/usr/bin/apt-config_apt 154100x80000000000000002143889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.878{ec230001-804e-6262-9060-c74b73550000}2876/usr/bin/find-----find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 ( -name *.gpg -o -name *.asc )/_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.878{ec230001-804e-6262-c005-da9bbf550000}2875/bin/readlink_apt 534500x80000000000000002143890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.879{ec230001-804e-6262-9060-c74b73550000}2876/usr/bin/find_apt 154100x80000000000000002143892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.880{ec230001-804e-6262-18ca-4e7d3c560000}2879/usr/bin/sort-----sort/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2877--- 534500x80000000000000002143891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.880{ec230001-804e-6262-0000-000000000000}2878-_apt 154100x80000000000000002143896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.881{ec230001-804e-6262-482e-d8c8c7550000}2881/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.881{00000000-0000-0000-0000-000000000000}2877<unknown process>_apt 534500x80000000000000002143893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.881{ec230001-804e-6262-18ca-4e7d3c560000}2879/usr/bin/sort_apt 534500x80000000000000002143898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.882{ec230001-804e-6262-0000-000000000000}2882-_apt 534500x80000000000000002143897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.882{ec230001-804e-6262-482e-d8c8c7550000}2881/usr/bin/cmp_apt 534500x80000000000000002143895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.882{00000000-0000-0000-0000-000000000000}2880<unknown process>_apt 534500x80000000000000002143900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.883{ec230001-804e-6262-d009-b6f7d0550000}2883/bin/cat_apt 154100x80000000000000002143899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.883{ec230001-804e-6262-d009-b6f7d0550000}2883/bin/cat-----cat /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.884{ec230001-804e-6262-489e-7b0360550000}2885/usr/bin/cmp_apt 534500x80000000000000002143902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.884{00000000-0000-0000-0000-000000000000}2884<unknown process>_apt 154100x80000000000000002143901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.884{ec230001-804e-6262-489e-7b0360550000}2885/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 154100x80000000000000002143905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.885{ec230001-804e-6262-d0a9-bb1bfb550000}2887/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.885{ec230001-804e-6262-0000-000000000000}2886-_apt 154100x80000000000000002143908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.886{ec230001-804e-6262-488e-0c7e16560000}2889/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.886{00000000-0000-0000-0000-000000000000}2888<unknown process>_apt 534500x80000000000000002143906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.886{ec230001-804e-6262-d0a9-bb1bfb550000}2887/bin/cat_apt 154100x80000000000000002143911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.887{ec230001-804e-6262-d059-5f3a99550000}2891/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.887{ec230001-804e-6262-0000-000000000000}2890-_apt 534500x80000000000000002143909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.887{ec230001-804e-6262-488e-0c7e16560000}2889/usr/bin/cmp_apt 154100x80000000000000002143914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.888{ec230001-804e-6262-488e-795e78550000}2893/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.888{ec230001-804e-6262-0000-000000000000}2892-_apt 534500x80000000000000002143912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.888{ec230001-804e-6262-d059-5f3a99550000}2891/bin/cat_apt 534500x80000000000000002143916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.889{ec230001-804e-6262-0000-000000000000}2894-_apt 534500x80000000000000002143915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.889{ec230001-804e-6262-488e-795e78550000}2893/usr/bin/cmp_apt 534500x80000000000000002143918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.890{ec230001-804e-6262-d079-5cc6c2550000}2895/bin/cat_apt 154100x80000000000000002143917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.890{ec230001-804e-6262-d079-5cc6c2550000}2895/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 154100x80000000000000002143919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.893{ec230001-804e-6262-980a-af82aa550000}2896/bin/cp-----cp -a /tmp/apt-key-gpghome.M5BY5OUQ5C/pubring.gpg /tmp/apt-key-gpghome.M5BY5OUQ5C/pubring.orig.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.895{ec230001-804e-6262-0000-000000000000}2898-_apt 154100x80000000000000002143921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.895{ec230001-804e-6262-f8fa-dcd863550000}2899/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2897--- 534500x80000000000000002143920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.895{ec230001-804e-6262-980a-af82aa550000}2896/bin/cp_apt 154100x80000000000000002143926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.897{ec230001-804e-6262-f83a-0fef6d550000}2902/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2900--- 534500x80000000000000002143925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.897{ec230001-804e-6262-0000-000000000000}2901-_apt 534500x80000000000000002143924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.897{ec230001-804e-6262-0000-000000000000}2897-_apt 534500x80000000000000002143923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.897{ec230001-804e-6262-f8fa-dcd863550000}2899/bin/sed_apt 154100x80000000000000002143929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.899{ec230001-804e-6262-78ce-6e6320560000}2903/usr/bin/gpgv-----gpgv --homedir /tmp/apt-key-gpghome.M5BY5OUQ5C --keyring /tmp/apt-key-gpghome.M5BY5OUQ5C/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.ngwuXX /tmp/apt.data.baxJS1/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.899{ec230001-804e-6262-0000-000000000000}2900-_apt 534500x80000000000000002143927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.899{ec230001-804e-6262-f83a-0fef6d550000}2902/bin/sed_apt 154100x80000000000000002143931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.902{ec230001-804e-6262-b0cf-888749560000}2904/usr/bin/gpgconf-----gpgconf --kill all/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.902{ec230001-804e-6262-78ce-6e6320560000}2903/usr/bin/gpgv_apt 154100x80000000000000002143932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.903{ec230001-804e-6262-3038-e013c0550000}2905/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart KILLAGENT/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b0cf-888749560000}2904/usr/bin/gpgconfgpgconf_apt 154100x80000000000000002143934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.905{ec230001-804e-6262-30f8-2050a7550000}2906/usr/bin/gpg-connect-agent-----gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd killscd /end/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b0cf-888749560000}2904/usr/bin/gpgconfgpgconf_apt 534500x80000000000000002143933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.905{ec230001-804e-6262-3038-e013c0550000}2905/usr/bin/gpg-connect-agent_apt 154100x80000000000000002143936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.906{ec230001-804e-6262-30b8-b93943560000}2907/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-b0cf-888749560000}2904/usr/bin/gpgconfgpgconf_apt 534500x80000000000000002143935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.906{ec230001-804e-6262-30f8-2050a7550000}2906/usr/bin/gpg-connect-agent_apt 154100x80000000000000002143939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.908{ec230001-804e-6262-70b3-cfe791550000}2908/bin/rm-----rm -rf /tmp/apt-key-gpghome.M5BY5OUQ5C/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-6892-129335560000}2849/bin/dash/bin/sh_apt 534500x80000000000000002143938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.908{ec230001-804e-6262-b0cf-888749560000}2904/usr/bin/gpgconf_apt 534500x80000000000000002143937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.908{ec230001-804e-6262-30b8-b93943560000}2907/usr/bin/gpg-connect-agent_apt 534500x80000000000000002143944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.909{ec230001-804e-6262-6892-129335560000}2849/bin/dash_apt 534500x80000000000000002143943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.909{ec230001-804e-6262-70b3-cfe791550000}2908/bin/rm_apt 23542300x80000000000000002143942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.909{ec230001-804e-6262-70b3-cfe791550000}2908_apt/bin/rm/tmp/apt-key-gpghome.M5BY5OUQ5C/pubring.gpg--- 23542300x80000000000000002143941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.909{ec230001-804e-6262-70b3-cfe791550000}2908_apt/bin/rm/tmp/apt-key-gpghome.M5BY5OUQ5C/pubring.orig.gpg--- 23542300x80000000000000002143940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.909{ec230001-804e-6262-70b3-cfe791550000}2908_apt/bin/rm/tmp/apt-key-gpghome.M5BY5OUQ5C/gpg.1.sh--- 534500x80000000000000002143948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.910{ec230001-804e-6262-60ea-87805b550000}2848/usr/lib/apt/methods/gpgv_apt 23542300x80000000000000002143947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.910{ec230001-804e-6262-60ea-87805b550000}2848_apt/usr/lib/apt/methods/gpgv/tmp/apt.sig.ngwuXX--- 23542300x80000000000000002143946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.910{ec230001-804e-6262-60ea-87805b550000}2848_apt/usr/lib/apt/methods/gpgv/tmp/apt.data.baxJS1--- 23542300x80000000000000002143945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.910{ec230001-804e-6262-60ea-87805b550000}2848_apt/usr/lib/apt/methods/gpgv/tmp/apt.conf.TFHf2T--- 23542300x80000000000000002143949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.911{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.TG3xvF--- 23542300x80000000000000002143950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.913{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.2vcxKJ--- 154100x80000000000000002143951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.917{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash-----/bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.DYEwG3 /tmp/apt.data.oSv6V7/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2909--- 534500x80000000000000002143952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.918{ec230001-804e-6262-0000-000000000000}2911-_apt 154100x80000000000000002143953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.919{ec230001-804e-6262-73a4-6ec3a0550000}2912/usr/bin/apt-config-----apt-config shell MASTER_KEYRING APT::Key::MasterKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 154100x80000000000000002143954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.925{ec230001-804e-6262-7001-aa246a550000}2913/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73a4-6ec3a0550000}2912/usr/bin/apt-configapt-config_apt 534500x80000000000000002143955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.927{ec230001-804e-6262-7001-aa246a550000}2913/usr/bin/dpkg_apt 154100x80000000000000002143957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.928{ec230001-804e-6262-7324-c11aee550000}2914/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.928{ec230001-804e-6262-73a4-6ec3a0550000}2912/usr/bin/apt-config_apt 154100x80000000000000002143958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.934{ec230001-804e-6262-7061-15d665550000}2915/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7324-c11aee550000}2914/usr/bin/apt-configapt-config_apt 534500x80000000000000002143959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.936{ec230001-804e-6262-7061-15d665550000}2915/usr/bin/dpkg_apt 154100x80000000000000002143961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.937{ec230001-804e-6262-7384-1b825b550000}2916/usr/bin/apt-config-----apt-config shell REMOVED_KEYS APT::Key::RemovedKeys/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.937{ec230001-804e-6262-7324-c11aee550000}2914/usr/bin/apt-config_apt 154100x80000000000000002143962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.941{ec230001-804e-6262-70c1-2a9d6e550000}2917/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7384-1b825b550000}2916/usr/bin/apt-configapt-config_apt 534500x80000000000000002143964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.944{ec230001-804e-6262-7384-1b825b550000}2916/usr/bin/apt-config_apt 534500x80000000000000002143963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.944{ec230001-804e-6262-70c1-2a9d6e550000}2917/usr/bin/dpkg_apt 154100x80000000000000002143965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.945{ec230001-804e-6262-73b4-a5c48c550000}2918/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 154100x80000000000000002143966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.949{ec230001-804e-6262-70d1-492d62550000}2919/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73b4-a5c48c550000}2918/usr/bin/apt-configapt-config_apt 534500x80000000000000002143967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.955{ec230001-804e-6262-70d1-492d62550000}2919/usr/bin/dpkg_apt 154100x80000000000000002143969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.956{ec230001-804e-6262-7334-e72a20560000}2920/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.956{ec230001-804e-6262-73b4-a5c48c550000}2918/usr/bin/apt-config_apt 154100x80000000000000002143970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.963{ec230001-804e-6262-70f1-315b4f560000}2921/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7334-e72a20560000}2920/usr/bin/apt-configapt-config_apt 534500x80000000000000002143971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.965{ec230001-804e-6262-70f1-315b4f560000}2921/usr/bin/dpkg_apt 154100x80000000000000002143973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.966{ec230001-804e-6262-73f4-9d1e58550000}2922/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.966{ec230001-804e-6262-7334-e72a20560000}2920/usr/bin/apt-config_apt 154100x80000000000000002143974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.971{ec230001-804e-6262-7041-056bdc550000}2923/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73f4-9d1e58550000}2922/usr/bin/apt-configapt-config_apt 534500x80000000000000002143976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.974{ec230001-804e-6262-73f4-9d1e58550000}2922/usr/bin/apt-config_apt 534500x80000000000000002143975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.974{ec230001-804e-6262-7041-056bdc550000}2923/usr/bin/dpkg_apt 154100x80000000000000002143978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.975{ec230001-804e-6262-7364-735f52560000}2925/usr/bin/apt-config-----apt-config shell GPGV Apt::Key::gpgvcommand/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.975{ec230001-804e-6262-0000-000000000000}2924-_apt 154100x80000000000000002143979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.982{ec230001-804e-6262-7011-f45ed8550000}2926/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-7364-735f52560000}2925/usr/bin/apt-configapt-config_apt 154100x80000000000000002143982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.985{ec230001-804e-6262-a890-8dbf04560000}2927/bin/mktemp-----mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.985{ec230001-804e-6262-7364-735f52560000}2925/usr/bin/apt-config_apt 534500x80000000000000002143980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.985{ec230001-804e-6262-7011-f45ed8550000}2926/usr/bin/dpkg_apt 154100x80000000000000002143984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.986{ec230001-804e-6262-e0e1-eecf40560000}2928/bin/chmod-----chmod 700 /tmp/apt-key-gpghome.RA0sX6hrkW/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.986{ec230001-804e-6262-a890-8dbf04560000}2927/bin/mktemp_apt 534500x80000000000000002143985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.987{ec230001-804e-6262-e0e1-eecf40560000}2928/bin/chmod_apt 154100x80000000000000002143988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.988{ec230001-804e-6262-7013-cf39eb550000}2930/bin/rm-----rm -f /tmp/apt-key-gpghome.RA0sX6hrkW/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.988{ec230001-804e-6262-c005-97eabb550000}2929/bin/readlink_apt 154100x80000000000000002143986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.988{ec230001-804e-6262-c005-97eabb550000}2929/bin/readlink-----readlink -f /tmp/apt-key-gpghome.RA0sX6hrkW/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 154100x80000000000000002143990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.989{ec230001-804e-6262-1030-13cb16560000}2931/bin/touch-----touch /tmp/apt-key-gpghome.RA0sX6hrkW/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.989{ec230001-804e-6262-7013-cf39eb550000}2930/bin/rm_apt 154100x80000000000000002143992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.990{ec230001-804e-6262-73c4-f20c6e550000}2932/usr/bin/apt-config-----apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.990{ec230001-804e-6262-1030-13cb16560000}2931/bin/touch_apt 154100x80000000000000002143993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.995{ec230001-804e-6262-70d1-fec531560000}2933/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-73c4-f20c6e550000}2932/usr/bin/apt-configapt-config_apt 154100x80000000000000002143996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.997{ec230001-804e-6262-c0d5-df91e5550000}2934/bin/readlink-----readlink -f /etc/apt/trusted.gpg.d//home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.997{ec230001-804e-6262-73c4-f20c6e550000}2932/usr/bin/apt-config_apt 534500x80000000000000002143994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.997{ec230001-804e-6262-70d1-fec531560000}2933/usr/bin/dpkg_apt 154100x80000000000000002143998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.998{ec230001-804e-6262-90a0-ac3dc4550000}2935/usr/bin/find-----find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 ( -name *.gpg -o -name *.asc )/_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002143997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:42.998{ec230001-804e-6262-c0d5-df91e5550000}2934/bin/readlink_apt 154100x80000000000000002144001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.000{ec230001-804f-6262-187a-99d0af550000}2938/usr/bin/sort-----sort/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2936--- 534500x80000000000000002144000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.000{ec230001-804e-6262-0000-000000000000}2937-_apt 534500x80000000000000002143999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.000{ec230001-804e-6262-90a0-ac3dc4550000}2935/usr/bin/find_apt 534500x80000000000000002144003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.001{ec230001-804e-6262-0000-000000000000}2936-_apt 534500x80000000000000002144002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.001{ec230001-804f-6262-187a-99d0af550000}2938/usr/bin/sort_apt 154100x80000000000000002144005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.002{ec230001-804f-6262-48de-3455c1550000}2940/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.002{00000000-0000-0000-0000-000000000000}2939<unknown process>_apt 154100x80000000000000002144008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.003{ec230001-804f-6262-d0f9-fc3f36560000}2942/bin/cat-----cat /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.003{ec230001-804e-6262-0000-000000000000}2941-_apt 534500x80000000000000002144006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.003{ec230001-804f-6262-48de-3455c1550000}2940/usr/bin/cmp_apt 154100x80000000000000002144011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.004{ec230001-804f-6262-485e-00beb7550000}2944/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.004{00000000-0000-0000-0000-000000000000}2943<unknown process>_apt 534500x80000000000000002144009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.004{ec230001-804f-6262-d0f9-fc3f36560000}2942/bin/cat_apt 534500x80000000000000002144013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.005{ec230001-804e-6262-0000-000000000000}2945-_apt 534500x80000000000000002144012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.005{ec230001-804f-6262-485e-00beb7550000}2944/usr/bin/cmp_apt 154100x80000000000000002144017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.006{ec230001-804f-6262-481e-04a3c4550000}2948/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.006{ec230001-804f-6262-d009-17e050560000}2946/bin/cat_apt 154100x80000000000000002144014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.006{ec230001-804f-6262-d009-17e050560000}2946/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.007{ec230001-804e-6262-0000-000000000000}2949-_apt 534500x80000000000000002144018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.007{ec230001-804f-6262-481e-04a3c4550000}2948/usr/bin/cmp_apt 534500x80000000000000002144016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.007{00000000-0000-0000-0000-000000000000}2947<unknown process>_apt 534500x80000000000000002144021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.008{ec230001-804f-6262-d029-767b66550000}2950/bin/cat_apt 154100x80000000000000002144020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.008{ec230001-804f-6262-d029-767b66550000}2950/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.009{ec230001-804f-6262-48ce-ce347b550000}2952/usr/bin/cmp_apt 154100x80000000000000002144023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.009{ec230001-804f-6262-48ce-ce347b550000}2952/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.009{00000000-0000-0000-0000-000000000000}2951<unknown process>_apt 534500x80000000000000002144027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.010{ec230001-804f-6262-d039-d08627560000}2954/bin/cat_apt 154100x80000000000000002144026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.010{ec230001-804f-6262-d039-d08627560000}2954/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.010{00000000-0000-0000-0000-000000000000}2953<unknown process>_apt 154100x80000000000000002144028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.011{ec230001-804f-6262-98ca-a9be3a560000}2955/bin/cp-----cp -a /tmp/apt-key-gpghome.RA0sX6hrkW/pubring.gpg /tmp/apt-key-gpghome.RA0sX6hrkW/pubring.orig.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.012{ec230001-804f-6262-98ca-a9be3a560000}2955/bin/cp_apt 154100x80000000000000002144031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.013{ec230001-804f-6262-f8fa-b08037560000}2958/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2956--- 534500x80000000000000002144030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.013{ec230001-804e-6262-0000-000000000000}2957-_apt 534500x80000000000000002144033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.014{ec230001-804f-6262-0000-000000000000}2956-_apt 534500x80000000000000002144032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.014{ec230001-804f-6262-f8fa-b08037560000}2958/bin/sed_apt 154100x80000000000000002144035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.017{ec230001-804f-6262-f82a-03561c560000}2961/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2959--- 534500x80000000000000002144034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.017{00000000-0000-0000-0000-000000000000}2960<unknown process>_apt 154100x80000000000000002144038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.018{ec230001-804f-6262-78ee-d79445560000}2962/usr/bin/gpgv-----gpgv --homedir /tmp/apt-key-gpghome.RA0sX6hrkW --keyring /tmp/apt-key-gpghome.RA0sX6hrkW/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.DYEwG3 /tmp/apt.data.oSv6V7/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.018{ec230001-804f-6262-0000-000000000000}2959-_apt 534500x80000000000000002144036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.018{ec230001-804f-6262-f82a-03561c560000}2961/bin/sed_apt 154100x80000000000000002144040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.021{ec230001-804f-6262-b05f-18ff09560000}2963/usr/bin/gpgconf-----gpgconf --kill all/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.021{ec230001-804f-6262-78ee-d79445560000}2962/usr/bin/gpgv_apt 154100x80000000000000002144041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.022{ec230001-804f-6262-3088-1bb2e7550000}2964/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart KILLAGENT/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-b05f-18ff09560000}2963/usr/bin/gpgconfgpgconf_apt 154100x80000000000000002144043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.024{ec230001-804f-6262-30a8-819087550000}2965/usr/bin/gpg-connect-agent-----gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd killscd /end/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-b05f-18ff09560000}2963/usr/bin/gpgconfgpgconf_apt 534500x80000000000000002144042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.024{ec230001-804f-6262-3088-1bb2e7550000}2964/usr/bin/gpg-connect-agent_apt 534500x80000000000000002144044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.025{ec230001-804f-6262-30a8-819087550000}2965/usr/bin/gpg-connect-agent_apt 154100x80000000000000002144045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.026{ec230001-804f-6262-30b8-118536560000}2966/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-b05f-18ff09560000}2963/usr/bin/gpgconfgpgconf_apt 154100x80000000000000002144048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.027{ec230001-804f-6262-7043-4d16df550000}2967/bin/rm-----rm -rf /tmp/apt-key-gpghome.RA0sX6hrkW/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash/bin/sh_apt 534500x80000000000000002144047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.027{ec230001-804f-6262-b05f-18ff09560000}2963/usr/bin/gpgconf_apt 534500x80000000000000002144046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.027{ec230001-804f-6262-30b8-118536560000}2966/usr/bin/gpg-connect-agent_apt 23542300x80000000000000002144051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.028{ec230001-804f-6262-7043-4d16df550000}2967_apt/bin/rm/tmp/apt-key-gpghome.RA0sX6hrkW/pubring.gpg--- 23542300x80000000000000002144050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.028{ec230001-804f-6262-7043-4d16df550000}2967_apt/bin/rm/tmp/apt-key-gpghome.RA0sX6hrkW/pubring.orig.gpg--- 23542300x80000000000000002144049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.028{ec230001-804f-6262-7043-4d16df550000}2967_apt/bin/rm/tmp/apt-key-gpghome.RA0sX6hrkW/gpg.1.sh--- 23542300x80000000000000002144056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.029{ec230001-804e-6262-60ea-87805b550000}2909_apt/usr/lib/apt/methods/gpgv/tmp/apt.sig.DYEwG3--- 23542300x80000000000000002144055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.029{ec230001-804e-6262-60ea-87805b550000}2909_apt/usr/lib/apt/methods/gpgv/tmp/apt.data.oSv6V7--- 23542300x80000000000000002144054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.029{ec230001-804e-6262-60ea-87805b550000}2909_apt/usr/lib/apt/methods/gpgv/tmp/apt.conf.ME2WqZ--- 534500x80000000000000002144053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.029{ec230001-804e-6262-68d2-6ddbd2550000}2910/bin/dash_apt 534500x80000000000000002144052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.029{ec230001-804f-6262-7043-4d16df550000}2967/bin/rm_apt 23542300x80000000000000002144059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.030{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.GBYcSS--- 23542300x80000000000000002144058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.030{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.PWoljO--- 534500x80000000000000002144057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.030{ec230001-804e-6262-60ea-87805b550000}2909/usr/lib/apt/methods/gpgv_apt 154100x80000000000000002144060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.037{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash-----/bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.hYUDUe /tmp/apt.data.7bcItj/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2968--- 534500x80000000000000002144061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.038{ec230001-804e-6262-60ea-87805b550000}2970-_apt 154100x80000000000000002144062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.039{ec230001-804f-6262-7344-9f4b97550000}2971/usr/bin/apt-config-----apt-config shell MASTER_KEYRING APT::Key::MasterKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 154100x80000000000000002144063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.044{ec230001-804f-6262-7051-0b4224560000}2972/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-7344-9f4b97550000}2971/usr/bin/apt-configapt-config_apt 534500x80000000000000002144064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.046{ec230001-804f-6262-7051-0b4224560000}2972/usr/bin/dpkg_apt 154100x80000000000000002144066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.047{ec230001-804f-6262-7344-564d69550000}2973/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.047{ec230001-804f-6262-7344-9f4b97550000}2971/usr/bin/apt-config_apt 154100x80000000000000002144067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.055{ec230001-804f-6262-7021-8aca79550000}2974/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-7344-564d69550000}2973/usr/bin/apt-configapt-config_apt 154100x80000000000000002144070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.058{ec230001-804f-6262-73d4-260820560000}2975/usr/bin/apt-config-----apt-config shell REMOVED_KEYS APT::Key::RemovedKeys/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.058{ec230001-804f-6262-7344-564d69550000}2973/usr/bin/apt-config_apt 534500x80000000000000002144068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.058{ec230001-804f-6262-7021-8aca79550000}2974/usr/bin/dpkg_apt 154100x80000000000000002144071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.063{ec230001-804f-6262-70e1-7aaebc550000}2976/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-73d4-260820560000}2975/usr/bin/apt-configapt-config_apt 534500x80000000000000002144072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.065{ec230001-804f-6262-70e1-7aaebc550000}2976/usr/bin/dpkg_apt 154100x80000000000000002144074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.066{ec230001-804f-6262-73a4-af0918560000}2977/usr/bin/apt-config-----apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.066{ec230001-804f-6262-73d4-260820560000}2975/usr/bin/apt-config_apt 154100x80000000000000002144075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.071{ec230001-804f-6262-70b1-d1899e550000}2978/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-73a4-af0918560000}2977/usr/bin/apt-configapt-config_apt 534500x80000000000000002144076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.073{ec230001-804f-6262-70b1-d1899e550000}2978/usr/bin/dpkg_apt 154100x80000000000000002144078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.074{ec230001-804f-6262-73c4-982a19560000}2979/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.074{ec230001-804f-6262-73a4-af0918560000}2977/usr/bin/apt-config_apt 154100x80000000000000002144079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.079{ec230001-804f-6262-7021-2d5caa550000}2980/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-73c4-982a19560000}2979/usr/bin/apt-configapt-config_apt 154100x80000000000000002144082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.082{ec230001-804f-6262-7324-bdd88f550000}2981/usr/bin/apt-config-----apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.082{ec230001-804f-6262-73c4-982a19560000}2979/usr/bin/apt-config_apt 534500x80000000000000002144080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.082{ec230001-804f-6262-7021-2d5caa550000}2980/usr/bin/dpkg_apt 154100x80000000000000002144083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.087{ec230001-804f-6262-7001-735bd3550000}2982/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-7324-bdd88f550000}2981/usr/bin/apt-configapt-config_apt 534500x80000000000000002144085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.089{ec230001-804f-6262-7324-bdd88f550000}2981/usr/bin/apt-config_apt 534500x80000000000000002144084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.089{ec230001-804f-6262-7001-735bd3550000}2982/usr/bin/dpkg_apt 154100x80000000000000002144087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.090{ec230001-804f-6262-7304-d96d27560000}2984/usr/bin/apt-config-----apt-config shell GPGV Apt::Key::gpgvcommand/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.090{00000000-0000-0000-0000-000000000000}2983<unknown process>_apt 154100x80000000000000002144088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.095{ec230001-804f-6262-70e1-737fb3550000}2985/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-7304-d96d27560000}2984/usr/bin/apt-configapt-config_apt 534500x80000000000000002144089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.097{ec230001-804f-6262-70e1-737fb3550000}2985/usr/bin/dpkg_apt 534500x80000000000000002144092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.098{ec230001-804f-6262-a850-12d7ba550000}2986/bin/mktemp_apt 154100x80000000000000002144091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.098{ec230001-804f-6262-a850-12d7ba550000}2986/bin/mktemp-----mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.098{ec230001-804f-6262-7304-d96d27560000}2984/usr/bin/apt-config_apt 154100x80000000000000002144095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.099{ec230001-804f-6262-c0a5-e66d88550000}2988/bin/readlink-----readlink -f /tmp/apt-key-gpghome.zcXf631l1s/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.099{ec230001-804f-6262-e0c1-f8cffd550000}2987/bin/chmod_apt 154100x80000000000000002144093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.099{ec230001-804f-6262-e0c1-f8cffd550000}2987/bin/chmod-----chmod 700 /tmp/apt-key-gpghome.zcXf631l1s/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 154100x80000000000000002144097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.100{ec230001-804f-6262-7013-ec05b9550000}2989/bin/rm-----rm -f /tmp/apt-key-gpghome.zcXf631l1s/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.100{ec230001-804f-6262-c0a5-e66d88550000}2988/bin/readlink_apt 154100x80000000000000002144099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.101{ec230001-804f-6262-10a0-d5837c550000}2990/bin/touch-----touch /tmp/apt-key-gpghome.zcXf631l1s/pubring.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.101{ec230001-804f-6262-7013-ec05b9550000}2989/bin/rm_apt 154100x80000000000000002144101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.102{ec230001-804f-6262-73b4-ee4889550000}2991/usr/bin/apt-config-----apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.102{ec230001-804f-6262-10a0-d5837c550000}2990/bin/touch_apt 154100x80000000000000002144102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.106{ec230001-804f-6262-7071-13c63b560000}2992/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-73b4-ee4889550000}2991/usr/bin/apt-configapt-config_apt 534500x80000000000000002144103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.108{ec230001-804f-6262-7071-13c63b560000}2992/usr/bin/dpkg_apt 154100x80000000000000002144105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.109{ec230001-804f-6262-c005-9f2f54560000}2993/bin/readlink-----readlink -f /etc/apt/trusted.gpg.d//home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.109{ec230001-804f-6262-73b4-ee4889550000}2991/usr/bin/apt-config_apt 154100x80000000000000002144107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.110{ec230001-804f-6262-9040-6d9ee0550000}2994/usr/bin/find-----find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 ( -name *.gpg -o -name *.asc )/_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.110{ec230001-804f-6262-c005-9f2f54560000}2993/bin/readlink_apt 534500x80000000000000002144108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.111{ec230001-804f-6262-9040-6d9ee0550000}2994/usr/bin/find_apt 154100x80000000000000002144110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.112{ec230001-804f-6262-18ea-b41a49560000}2997/usr/bin/sort-----sort/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}2995--- 534500x80000000000000002144109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.112{00000000-0000-0000-0000-000000000000}2996<unknown process>_apt 534500x80000000000000002144112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.113{ec230001-804e-6262-60ea-87805b550000}2995-_apt 534500x80000000000000002144111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.113{ec230001-804f-6262-18ea-b41a49560000}2997/usr/bin/sort_apt 534500x80000000000000002144115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.114{ec230001-804f-6262-48ae-d27c21560000}2999/usr/bin/cmp_apt 154100x80000000000000002144114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.114{ec230001-804f-6262-48ae-d27c21560000}2999/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.114{00000000-0000-0000-0000-000000000000}2998<unknown process>_apt 154100x80000000000000002144117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.115{ec230001-804f-6262-d009-41e9b6550000}3001/bin/cat-----cat /etc/apt/trusted.gpg.d/microsoft-prod.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.115{ec230001-804e-6262-60ea-87805b550000}3000-_apt 154100x80000000000000002144120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.116{ec230001-804f-6262-482e-67c206560000}3003/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.116{ec230001-804e-6262-60ea-87805b550000}3002-_apt 534500x80000000000000002144118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.116{ec230001-804f-6262-d009-41e9b6550000}3001/bin/cat_apt 154100x80000000000000002144123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.117{ec230001-804f-6262-d0d9-1ca3e2550000}3005/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.117{ec230001-804e-6262-60ea-87805b550000}3004-_apt 534500x80000000000000002144121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.117{ec230001-804f-6262-482e-67c206560000}3003/usr/bin/cmp_apt 154100x80000000000000002144126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.118{ec230001-804f-6262-48fe-771985550000}3007/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.118{00000000-0000-0000-0000-000000000000}3006<unknown process>_apt 534500x80000000000000002144124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.118{ec230001-804f-6262-d0d9-1ca3e2550000}3005/bin/cat_apt 534500x80000000000000002144128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.119{ec230001-804f-6262-0000-000000000000}3008-_apt 534500x80000000000000002144127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.119{ec230001-804f-6262-48fe-771985550000}3007/usr/bin/cmp_apt 534500x80000000000000002144130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.120{ec230001-804f-6262-d079-31839c550000}3009/bin/cat_apt 154100x80000000000000002144129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.120{ec230001-804f-6262-d079-31839c550000}3009/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.121{ec230001-804f-6262-482e-fd3470550000}3011/usr/bin/cmp_apt 154100x80000000000000002144132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.121{ec230001-804f-6262-482e-fd3470550000}3011/usr/bin/cmp-----cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.121{00000000-0000-0000-0000-000000000000}3010<unknown process>_apt 154100x80000000000000002144135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.122{ec230001-804f-6262-d029-14a4ad550000}3013/bin/cat-----cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.122{00000000-0000-0000-0000-000000000000}3012<unknown process>_apt 154100x80000000000000002144137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.123{ec230001-804f-6262-984a-f36830560000}3014/bin/cp-----cp -a /tmp/apt-key-gpghome.zcXf631l1s/pubring.gpg /tmp/apt-key-gpghome.zcXf631l1s/pubring.orig.gpg/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.123{ec230001-804f-6262-d029-14a4ad550000}3013/bin/cat_apt 154100x80000000000000002144140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.124{ec230001-804f-6262-f8ba-72023c560000}3017/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}3015--- 534500x80000000000000002144139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.124{00000000-0000-0000-0000-000000000000}3016<unknown process>_apt 534500x80000000000000002144138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.124{ec230001-804f-6262-984a-f36830560000}3014/bin/cp_apt 534500x80000000000000002144142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.126{ec230001-804f-6262-0000-000000000000}3015-_apt 534500x80000000000000002144141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.126{ec230001-804f-6262-f8ba-72023c560000}3017/bin/sed_apt 154100x80000000000000002144144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.127{ec230001-804f-6262-f86a-69521d560000}3020/bin/sed-----sed -e s#'#'"'"'#g/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{00000000-0000-0000-0000-000000000000}3018--- 534500x80000000000000002144143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.127{ec230001-804f-6262-0000-000000000000}3019-_apt 154100x80000000000000002144147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.128{ec230001-804f-6262-785e-85ad5b550000}3021/usr/bin/gpgv-----gpgv --homedir /tmp/apt-key-gpghome.zcXf631l1s --keyring /tmp/apt-key-gpghome.zcXf631l1s/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.hYUDUe /tmp/apt.data.7bcItj/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.128{00000000-0000-0000-0000-000000000000}3018<unknown process>_apt 534500x80000000000000002144145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.128{ec230001-804f-6262-f86a-69521d560000}3020/bin/sed_apt 154100x80000000000000002144149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.131{ec230001-804f-6262-b06f-431b44560000}3022/usr/bin/gpgconf-----gpgconf --kill all/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.131{ec230001-804f-6262-785e-85ad5b550000}3021/usr/bin/gpgv_apt 154100x80000000000000002144150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.132{ec230001-804f-6262-3078-b77755550000}3023/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart KILLAGENT/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-b06f-431b44560000}3022/usr/bin/gpgconfgpgconf_apt 154100x80000000000000002144152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.134{ec230001-804f-6262-3038-11f2d4550000}3024/usr/bin/gpg-connect-agent-----gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd killscd /end/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-b06f-431b44560000}3022/usr/bin/gpgconfgpgconf_apt 534500x80000000000000002144151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.134{ec230001-804f-6262-3078-b77755550000}3023/usr/bin/gpg-connect-agent_apt 154100x80000000000000002144154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.135{ec230001-804f-6262-3068-4d937b550000}3025/usr/bin/gpg-connect-agent-----gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-b06f-431b44560000}3022/usr/bin/gpgconfgpgconf_apt 534500x80000000000000002144153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.135{ec230001-804f-6262-3038-11f2d4550000}3024/usr/bin/gpg-connect-agent_apt 534500x80000000000000002144155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.137{ec230001-804f-6262-3068-4d937b550000}3025/usr/bin/gpg-connect-agent_apt 534500x80000000000000002144161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.138{ec230001-804f-6262-7033-63cf1c560000}3026/bin/rm_apt 23542300x80000000000000002144160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.138{ec230001-804f-6262-7033-63cf1c560000}3026_apt/bin/rm/tmp/apt-key-gpghome.zcXf631l1s/pubring.gpg--- 23542300x80000000000000002144159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.138{ec230001-804f-6262-7033-63cf1c560000}3026_apt/bin/rm/tmp/apt-key-gpghome.zcXf631l1s/pubring.orig.gpg--- 23542300x80000000000000002144158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.138{ec230001-804f-6262-7033-63cf1c560000}3026_apt/bin/rm/tmp/apt-key-gpghome.zcXf631l1s/gpg.1.sh--- 154100x80000000000000002144157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.138{ec230001-804f-6262-7033-63cf1c560000}3026/bin/rm-----rm -rf /tmp/apt-key-gpghome.zcXf631l1s/home/ubuntu_apt{ec230001-0000-0000-6800-000000000000}1041no level-{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash/bin/sh_apt 534500x80000000000000002144156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.138{ec230001-804f-6262-b06f-431b44560000}3022/usr/bin/gpgconf_apt 534500x80000000000000002144166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.139{ec230001-804f-6262-60ea-87805b550000}2968/usr/lib/apt/methods/gpgv_apt 23542300x80000000000000002144165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.139{ec230001-804f-6262-60ea-87805b550000}2968_apt/usr/lib/apt/methods/gpgv/tmp/apt.sig.hYUDUe--- 23542300x80000000000000002144164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.139{ec230001-804f-6262-60ea-87805b550000}2968_apt/usr/lib/apt/methods/gpgv/tmp/apt.data.7bcItj--- 23542300x80000000000000002144163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.139{ec230001-804f-6262-60ea-87805b550000}2968_apt/usr/lib/apt/methods/gpgv/tmp/apt.conf.rgPzla--- 534500x80000000000000002144162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.139{ec230001-804f-6262-68d2-156af1550000}2969/bin/dash_apt 23542300x80000000000000002144167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.140{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.r5ywJX--- 23542300x80000000000000002144168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:43.146{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.YURTB2--- 354300x80000000000000002144169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.326{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36504-false10.0.1.12-8000- 534500x80000000000000002144170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.466{ec230001-804e-6262-8965-0e7ce9550000}2863/usr/lib/apt/methods/store_apt 534500x80000000000000002144172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.467{ec230001-804e-6262-b953-13cb7e550000}2723/usr/lib/apt/methods/http_apt 534500x80000000000000002144171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.467{ec230001-804e-6262-60ea-87805b550000}2728/usr/lib/apt/methods/gpgv_apt 534500x80000000000000002144174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.468{ec230001-804e-6262-b983-606faf550000}2726/usr/lib/apt/methods/http_apt 534500x80000000000000002144173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.468{ec230001-804e-6262-b973-0fb02e560000}2724/usr/lib/apt/methods/http_apt 23542300x80000000000000002144175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.469{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/us-east-2.ec2.archive.ubuntu.com_ubuntu_dists_bionic-updates_InRelease--- 23542300x80000000000000002144178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.470{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/us-east-2.ec2.archive.ubuntu.com_ubuntu_dists_bionic-updates_universe_binary-amd64_Packages--- 23542300x80000000000000002144177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.470{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/us-east-2.ec2.archive.ubuntu.com_ubuntu_dists_bionic-updates_main_binary-amd64_Packages.xz--- 23542300x80000000000000002144176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.470{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/us-east-2.ec2.archive.ubuntu.com_ubuntu_dists_bionic-updates_main_binary-amd64_Packages--- 23542300x80000000000000002144182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.471{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_main_binary-amd64_Packages--- 23542300x80000000000000002144181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.471{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_InRelease--- 23542300x80000000000000002144180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.471{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/us-east-2.ec2.archive.ubuntu.com_ubuntu_dists_bionic-backports_InRelease--- 23542300x80000000000000002144179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.471{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/us-east-2.ec2.archive.ubuntu.com_ubuntu_dists_bionic-updates_universe_binary-amd64_Packages.xz--- 23542300x80000000000000002144188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.472{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_universe_i18n_Translation-en--- 23542300x80000000000000002144187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.472{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/security.ubuntu.com_ubuntu_dists_bionic-security_universe_binary-amd64_Packages.xz--- 23542300x80000000000000002144186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.472{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_universe_binary-amd64_Packages--- 23542300x80000000000000002144185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.472{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/security.ubuntu.com_ubuntu_dists_bionic-security_main_i18n_Translation-en.xz--- 23542300x80000000000000002144184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.472{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_main_i18n_Translation-en--- 23542300x80000000000000002144183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.472{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/security.ubuntu.com_ubuntu_dists_bionic-security_main_binary-amd64_Packages.xz--- 23542300x80000000000000002144192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.473{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/packages.microsoft.com_ubuntu_18.04_prod_dists_bionic_main_binary-amd64_Packages.bz2--- 23542300x80000000000000002144191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.473{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/packages.microsoft.com_ubuntu_18.04_prod_dists_bionic_main_binary-amd64_Packages--- 23542300x80000000000000002144190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.473{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/packages.microsoft.com_ubuntu_18.04_prod_dists_bionic_InRelease--- 23542300x80000000000000002144189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.473{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/lib/apt/lists/partial/security.ubuntu.com_ubuntu_dists_bionic-security_universe_i18n_Translation-en.xz--- 154100x80000000000000002144193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.474{ec230001-8050-6262-68d2-3cba2a560000}3028/bin/dash-----sh -c touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}3027--- 154100x80000000000000002144194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.475{ec230001-8050-6262-1030-32b8d8550000}3029/bin/touch-----touch /var/lib/apt/periodic/update-success-stamp/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68d2-3cba2a560000}3028/bin/dashshroot 534500x80000000000000002144195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.476{ec230001-8050-6262-1030-32b8d8550000}3029/bin/touchroot 154100x80000000000000002144197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.477{ec230001-8050-6262-6842-53a1c5550000}3030/bin/dash-----sh -c if /usr/bin/test -w /var/lib/command-not-found/ -a -e /usr/lib/cnf-update-db; then /usr/lib/cnf-update-db > /dev/null; fi/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}3027--- 534500x80000000000000002144196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.477{ec230001-8050-6262-68d2-3cba2a560000}3028/bin/dashroot 154100x80000000000000002144198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.478{ec230001-8050-6262-e02a-6bb755550000}3031/usr/bin/test-----/usr/bin/test -w /var/lib/command-not-found/ -a -e /usr/lib/cnf-update-db/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-6842-53a1c5550000}3030/bin/dashshroot 154100x80000000000000002144200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.479{ec230001-8050-6262-503c-7b0000000000}3032/usr/bin/python3.6-----/usr/bin/python3 /usr/lib/cnf-update-db/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-6842-53a1c5550000}3030/bin/dashshroot 534500x80000000000000002144199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.479{ec230001-8050-6262-e02a-6bb755550000}3031/usr/bin/testroot 154100x80000000000000002144203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.536{ec230001-8050-6262-68e2-fffcb0550000}3033/bin/dash-----sh -c /usr/lib/update-notifier/update-motd-updates-available 2>/dev/null || true/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}3027--- 534500x80000000000000002144202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.536{ec230001-8050-6262-6842-53a1c5550000}3030/bin/dashroot 534500x80000000000000002144201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.536{ec230001-8050-6262-503c-7b0000000000}3032/usr/bin/python3.6root 154100x80000000000000002144204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.541{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-updates-available/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68e2-fffcb0550000}3033/bin/dashshroot 154100x80000000000000002144205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.542{ec230001-8050-6262-73b4-5d68cf550000}3035/usr/bin/apt-config-----apt-config shell StateDir Dir::State/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 154100x80000000000000002144206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.547{ec230001-8050-6262-70b1-4a42ad550000}3036/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-73b4-5d68cf550000}3035/usr/bin/apt-configapt-configroot 534500x80000000000000002144208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.549{ec230001-8050-6262-73b4-5d68cf550000}3035/usr/bin/apt-configroot 534500x80000000000000002144207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.549{ec230001-8050-6262-70b1-4a42ad550000}3036/usr/bin/dpkgroot 154100x80000000000000002144209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.550{ec230001-8050-6262-7394-9cc82a560000}3037/usr/bin/apt-config-----apt-config shell ListDir Dir::State::Lists/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 154100x80000000000000002144210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.554{ec230001-8050-6262-7041-112a66550000}3038/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-7394-9cc82a560000}3037/usr/bin/apt-configapt-configroot 534500x80000000000000002144212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.557{ec230001-8050-6262-7394-9cc82a560000}3037/usr/bin/apt-configroot 534500x80000000000000002144211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.557{ec230001-8050-6262-7041-112a66550000}3038/usr/bin/dpkgroot 154100x80000000000000002144213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.558{ec230001-8050-6262-7374-c2257f550000}3039/usr/bin/apt-config-----apt-config shell DpkgStatus Dir::State::status/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 154100x80000000000000002144214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.562{ec230001-8050-6262-7001-beabd0550000}3040/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-7374-c2257f550000}3039/usr/bin/apt-configapt-configroot 534500x80000000000000002144215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.564{ec230001-8050-6262-7001-beabd0550000}3040/usr/bin/dpkgroot 154100x80000000000000002144217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.565{ec230001-8050-6262-73f4-22cb61550000}3041/usr/bin/apt-config-----apt-config shell EtcDir Dir::Etc/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 534500x80000000000000002144216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.565{ec230001-8050-6262-7374-c2257f550000}3039/usr/bin/apt-configroot 154100x80000000000000002144218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.569{ec230001-8050-6262-7001-3dd0c8550000}3042/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-73f4-22cb61550000}3041/usr/bin/apt-configapt-configroot 534500x80000000000000002144219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.571{ec230001-8050-6262-7001-3dd0c8550000}3042/usr/bin/dpkgroot 154100x80000000000000002144221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.572{ec230001-8050-6262-7394-35ba20560000}3043/usr/bin/apt-config-----apt-config shell SourceList Dir::Etc::sourcelist/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 534500x80000000000000002144220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.572{ec230001-8050-6262-73f4-22cb61550000}3041/usr/bin/apt-configroot 154100x80000000000000002144222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.576{ec230001-8050-6262-7051-86b6fe550000}3044/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-7394-35ba20560000}3043/usr/bin/apt-configapt-configroot 154100x80000000000000002144225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.579{ec230001-8050-6262-9080-f12593550000}3045/usr/bin/find-----find /var/lib/apt/lists/ /etc/apt/sources.list //var/lib/dpkg/status -type f -newer /var/lib/update-notifier/updates-available -print -quit/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 534500x80000000000000002144224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.579{ec230001-8050-6262-7394-35ba20560000}3043/usr/bin/apt-configroot 534500x80000000000000002144223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.579{ec230001-8050-6262-7051-86b6fe550000}3044/usr/bin/dpkgroot 154100x80000000000000002144229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.581{ec230001-8050-6262-a830-61f6f5550000}3046/bin/mktemp-----mktemp -p /var/lib/update-notifier/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 154100x80000000000000002144227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.581{ec230001-8050-6262-e808-065df4550000}3047/usr/bin/dirname-----dirname /var/lib/update-notifier/updates-available/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}3046--- 534500x80000000000000002144226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.581{ec230001-8050-6262-9080-f12593550000}3045/usr/bin/findroot 534500x80000000000000002144228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.582{ec230001-8050-6262-e808-065df4550000}3047/usr/bin/dirnameroot 154100x80000000000000002144231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.584{ec230001-8050-6262-503c-7b0000000000}3048/usr/bin/python3.6-----/usr/bin/python3 /usr/lib/update-notifier/apt-check --human-readable/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 534500x80000000000000002144230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.584{ec230001-8050-6262-a830-61f6f5550000}3046/bin/mktemproot 154100x80000000000000002144232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.677{ec230001-8050-6262-70c1-9569df550000}3049/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-503c-7b0000000000}3048/usr/bin/python3.6/usr/bin/python3root 23542300x80000000000000002144234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.680{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.ltQLxO--- 534500x80000000000000002144233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.680{ec230001-8050-6262-70c1-9569df550000}3049/usr/bin/dpkgroot 23542300x80000000000000002144235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.685{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.D5hzCX--- 23542300x80000000000000002144236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.689{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.d754H6--- 23542300x80000000000000002144237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.691{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.RwZPNf--- 23542300x80000000000000002144238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.692{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.7IQPTo--- 23542300x80000000000000002144239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.696{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.P7jx0x--- 23542300x80000000000000002144240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.699{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.RxxK7G--- 23542300x80000000000000002144241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.704{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.DayHfQ--- 23542300x80000000000000002144242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.705{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.jdHUnZ--- 23542300x80000000000000002144243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.706{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.hILkw8--- 23542300x80000000000000002144244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.708{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.1pLZEh--- 23542300x80000000000000002144245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.709{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.RiPRNq--- 23542300x80000000000000002144246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.710{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.pRfWWz--- 23542300x80000000000000002144247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.712{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.hcgf6I--- 23542300x80000000000000002144248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.713{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.t1NNfS--- 23542300x80000000000000002144249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.715{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.d3WAp1--- 23542300x80000000000000002144250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.716{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.nLGEza--- 154100x80000000000000002144251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.717{ec230001-8050-6262-70c1-0ccf3f560000}3050/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-503c-7b0000000000}3048/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000002144252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.720{ec230001-8050-6262-70c1-0ccf3f560000}3050/usr/bin/dpkgroot 154100x80000000000000002144253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.742{ec230001-8050-6262-7011-2fa5ea550000}3051/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-503c-7b0000000000}3048/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000002144254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.744{ec230001-8050-6262-7011-2fa5ea550000}3051/usr/bin/dpkgroot 154100x80000000000000002144255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.908{ec230001-8050-6262-70a1-e6d156550000}3052/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-503c-7b0000000000}3048/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000002144256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.911{ec230001-8050-6262-70a1-e6d156550000}3052/usr/bin/dpkgroot 23542300x80000000000000002144257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:44.920{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.hVaeik--- 23542300x80000000000000002144258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:45.795{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.3CZNow--- 23542300x80000000000000002144259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:46.097{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.JNJskJ--- 23542300x80000000000000002144260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:46.099{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.5JQvgW--- 23542300x80000000000000002144261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:46.213{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.XDIMv9--- 154100x80000000000000002144262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:46.657{ec230001-8052-6262-70e1-48f1a9550000}3053/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-503c-7b0000000000}3048/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000002144263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:46.674{ec230001-8052-6262-70e1-48f1a9550000}3053/usr/bin/dpkgroot 354300x80000000000000002144264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:46.756{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-39490-false10.0.1.12-8089- 23542300x80000000000000002144265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.015{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.9iWUiQ--- 23542300x80000000000000002144266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.019{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.9p7CK5--- 23542300x80000000000000002144267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.023{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.dML0cl--- 23542300x80000000000000002144268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.025{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.T1JEFA--- 23542300x80000000000000002144269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.026{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.hrly8P--- 23542300x80000000000000002144270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.030{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.VSE6B5--- 23542300x80000000000000002144271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.032{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.xqUU5k--- 23542300x80000000000000002144272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.035{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.TyTnAA--- 23542300x80000000000000002144273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.037{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.Ro564P--- 23542300x80000000000000002144274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.038{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.HYj3z5--- 23542300x80000000000000002144275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.039{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.prwc5k--- 23542300x80000000000000002144276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.041{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.XKOyAA--- 23542300x80000000000000002144277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.042{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.7Ic85P--- 23542300x80000000000000002144278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.043{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.H7NWB5--- 23542300x80000000000000002144279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.045{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.POX07k--- 23542300x80000000000000002144280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.046{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.NQskEA--- 23542300x80000000000000002144281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.048{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.jbiVaQ--- 154100x80000000000000002144282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.049{ec230001-8053-6262-7041-d89cdf550000}3054/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-503c-7b0000000000}3048/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000002144283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.053{ec230001-8053-6262-7041-d89cdf550000}3054/usr/bin/dpkgroot 23542300x80000000000000002144284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.280{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.VicHk6--- 23542300x80000000000000002144285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.284{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.x7wdvm--- 23542300x80000000000000002144286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.288{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.djBpGC--- 23542300x80000000000000002144287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.290{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.rwLRRS--- 23542300x80000000000000002144288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.291{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.ff4y38--- 23542300x80000000000000002144289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.295{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.11WVfp--- 23542300x80000000000000002144290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.296{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.zzXysF--- 23542300x80000000000000002144291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.300{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.hCIRFV--- 23542300x80000000000000002144292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.302{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.HwGpTb--- 23542300x80000000000000002144293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.303{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.HTCa7r--- 23542300x80000000000000002144294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.304{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.NpU8kI--- 23542300x80000000000000002144295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.306{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.pAQjzY--- 23542300x80000000000000002144296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.307{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.T0qHNe--- 23542300x80000000000000002144297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.308{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.nRik2u--- 23542300x80000000000000002144298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.310{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.PtXbhL--- 23542300x80000000000000002144299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.311{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.NvDjw1--- 23542300x80000000000000002144300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.313{ec230001-8050-6262-503c-7b0000000000}3048root/usr/bin/python3.6/tmp/fileutl.message.7D6HLh--- 154100x80000000000000002144302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.409{ec230001-8053-6262-889b-37ed15560000}3055/bin/mv-----mv /var/lib/update-notifier/tmp.HkpwVAr5wI /var/lib/update-notifier/updates-available/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 534500x80000000000000002144301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.409{ec230001-8050-6262-503c-7b0000000000}3048/usr/bin/python3.6root 154100x80000000000000002144304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.411{ec230001-8053-6262-70b3-dd0cef550000}3056/bin/rm-----rm -f /var/lib/update-notifier/tmp.HkpwVAr5wI/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dash/bin/shroot 534500x80000000000000002144303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.411{ec230001-8053-6262-889b-37ed15560000}3055/bin/mvroot 534500x80000000000000002144308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.412{00000000-0000-0000-0000-000000000000}3027<unknown process>root 534500x80000000000000002144307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.412{ec230001-8050-6262-68e2-fffcb0550000}3033/bin/dashroot 534500x80000000000000002144306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.412{ec230001-8050-6262-68a2-a464d0550000}3034/bin/dashroot 534500x80000000000000002144305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.412{ec230001-8053-6262-70b3-dd0cef550000}3056/bin/rmroot 23542300x80000000000000002144309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.420{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/cache/apt/pkgcache.bin--- 23542300x80000000000000002144310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.425{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/var/cache/apt/srcpkgcache.bin--- 154100x80000000000000002144311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.427{ec230001-8053-6262-70a1-3705c3550000}3057/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 534500x80000000000000002144312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.429{ec230001-8053-6262-70a1-3705c3550000}3057/usr/bin/dpkgroot 23542300x80000000000000002144313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:47.433{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.D5NCbj--- 23542300x80000000000000002144314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.088{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.C1v7xB--- 23542300x80000000000000002144315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.366{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.1FQIFU--- 23542300x80000000000000002144316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.369{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.OXHONd--- 23542300x80000000000000002144317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.479{ec230001-804e-6262-98a5-be2a6f550000}2719root/usr/bin/apt/tmp/fileutl.message.lbhyex--- 154100x80000000000000002144318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.617{ec230001-8054-6262-70d1-2d4288550000}3058/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptaptroot 534500x80000000000000002144319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.633{ec230001-8054-6262-70d1-2d4288550000}3058/usr/bin/dpkgroot 154100x80000000000000002144320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.858{ec230001-8054-6262-6862-ed2d7f550000}3060/bin/dash-----sh -c [ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-stats || true/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}3059--- 154100x80000000000000002144321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.859{ec230001-8054-6262-ea5e-25be11560000}3061/usr/lib/ubuntu-advantage/apt-esm-hook-----/usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-stats/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8054-6262-6862-ed2d7f550000}3060/bin/dashshroot 154100x80000000000000002144322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.864{ec230001-8054-6262-7001-1e4a8a550000}3062/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8054-6262-ea5e-25be11560000}3061/usr/lib/ubuntu-advantage/apt-esm-hook/usr/lib/ubuntu-advantage/apt-esm-hookroot 23542300x80000000000000002144324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.866{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.wXnEqe--- 534500x80000000000000002144323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.866{ec230001-8054-6262-7001-1e4a8a550000}3062/usr/bin/dpkgroot 23542300x80000000000000002144325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.871{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.DQOAVy--- 23542300x80000000000000002144326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.875{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.yzherT--- 23542300x80000000000000002144327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.876{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.hXv7Wd--- 23542300x80000000000000002144328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.878{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.Gvhfty--- 23542300x80000000000000002144329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.882{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.HmZ2ZS--- 23542300x80000000000000002144330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.883{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.q7p6wd--- 23542300x80000000000000002144331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.887{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.bdgP4x--- 23542300x80000000000000002144332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.889{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.2cQRCS--- 23542300x80000000000000002144333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.890{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.NnT6ad--- 23542300x80000000000000002144334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.891{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.IpYyJx--- 23542300x80000000000000002144335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.892{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.zMEdiS--- 23542300x80000000000000002144336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.894{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.E7G4Qc--- 23542300x80000000000000002144337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.895{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.P1oaqx--- 23542300x80000000000000002144338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.896{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.UiTuZR--- 23542300x80000000000000002144339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.898{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.Tt13yc--- 23542300x80000000000000002144340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.899{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/tmp/fileutl.message.a0YS8w--- 154100x80000000000000002144341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.900{ec230001-8054-6262-70d1-6a5ad4550000}3063/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8054-6262-ea5e-25be11560000}3061/usr/lib/ubuntu-advantage/apt-esm-hook/usr/lib/ubuntu-advantage/apt-esm-hookroot 534500x80000000000000002144342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.902{ec230001-8054-6262-70d1-6a5ad4550000}3063/usr/bin/dpkgroot 23542300x80000000000000002144344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.944{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/var/lib/ubuntu-advantage/messages/motd-esm-service-status--- 23542300x80000000000000002144343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.944{ec230001-8054-6262-ea5e-25be11560000}3061root/usr/lib/ubuntu-advantage/apt-esm-hook/var/lib/ubuntu-advantage/messages/apt-pre-invoke-esm-service-status--- 534500x80000000000000002144346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.945{ec230001-8054-6262-6862-ed2d7f550000}3060/bin/dashroot 534500x80000000000000002144345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.945{ec230001-8054-6262-ea5e-25be11560000}3061/usr/lib/ubuntu-advantage/apt-esm-hookroot 534500x80000000000000002144347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.947{ec230001-804f-6262-60ea-87805b550000}3059-root 534500x80000000000000002144348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.952{ec230001-804e-6262-98a5-be2a6f550000}2719/usr/bin/aptroot 534500x80000000000000002144349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:48.953{ec230001-804e-6262-089e-d6743b560000}2718/usr/bin/sudoroot 354300x80000000000000002144350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:49.364{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36508-false10.0.1.12-8000- 154100x80000000000000002144351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.932{ec230001-8058-6262-08be-67fd74550000}3064/usr/bin/sudo-----sudo apt install apache2/home/ubuntuubuntu{ec230001-643b-6262-e803-000000000000}10001no level-{ec230001-643a-6262-08d4-9f8d0f560000}1965/bin/bash-bashubuntu 354300x80000000000000002144356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.936{ec230001-8058-6262-08be-67fd74550000}3064/usr/bin/sudoubuntuudptruefalse127.0.0.1-40420-false127.0.0.53-53- 354300x80000000000000002144355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.936{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-55129- 354300x80000000000000002144354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.936{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-42689-false10.0.0.2-53- 354300x80000000000000002144353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.936{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-59257-false10.0.0.2-53- 354300x80000000000000002144352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.936{ec230001-8058-6262-08be-67fd74550000}3064/usr/bin/sudoubuntuudptruefalse127.0.0.1-55129-false127.0.0.53-53- 354300x80000000000000002144357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.937{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-40420- 154100x80000000000000002144358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.940{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/apt-----apt install apache2/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-08be-67fd74550000}3064/usr/bin/sudosudoubuntu 154100x80000000000000002144359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.945{ec230001-8058-6262-70b1-e1cc6b550000}3066/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 534500x80000000000000002144360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.947{ec230001-8058-6262-70b1-e1cc6b550000}3066/usr/bin/dpkgroot 23542300x80000000000000002144361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.950{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.qmr0at--- 23542300x80000000000000002144362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.955{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.b5e0OY--- 23542300x80000000000000002144363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.959{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.YvaItu--- 23542300x80000000000000002144364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.961{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.xzAF8Z--- 23542300x80000000000000002144365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.962{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.G1aSNv--- 23542300x80000000000000002144366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.968{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.NPy0t1--- 23542300x80000000000000002144367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.970{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.aU4rax--- 23542300x80000000000000002144368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.975{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.XGRJR2--- 23542300x80000000000000002144369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.976{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.sXCmzy--- 23542300x80000000000000002144370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.978{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.dI3eh4--- 23542300x80000000000000002144371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.979{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.QQskZz--- 23542300x80000000000000002144372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.980{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.vbPCH5--- 23542300x80000000000000002144373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.982{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.UQ48pB--- 23542300x80000000000000002144374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.983{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.HSfV86--- 23542300x80000000000000002144375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.985{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.MGoXRC--- 23542300x80000000000000002144376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.986{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.5XReB8--- 154100x80000000000000002144378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.988{ec230001-8058-6262-7011-42c2e2550000}3067/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 23542300x80000000000000002144377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.988{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/tmp/fileutl.message.8iyNkE--- 534500x80000000000000002144379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:52.991{ec230001-8058-6262-7011-42c2e2550000}3067/usr/bin/dpkgroot 154100x80000000000000002144380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.367{ec230001-8059-6262-6852-ce3619560000}3068/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 154100x80000000000000002144389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.368{ec230001-8059-6262-a446-33255b550000}3069/snap/snapd/15534/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8059-6262-6852-ce3619560000}3068/bin/dash/bin/shroot 154100x80000000000000002144381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.368{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8059-6262-6852-ce3619560000}3068/bin/dash/bin/shroot 534500x80000000000000002144388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.387{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snaproot 534500x80000000000000002144387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.387{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snaproot 534500x80000000000000002144386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.387{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snaproot 534500x80000000000000002144385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.387{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snaproot 534500x80000000000000002144384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.387{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snaproot 534500x80000000000000002144383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.387{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snaproot 534500x80000000000000002144382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.387{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snaproot 534500x80000000000000002144395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.405{ec230001-8059-6262-a446-33255b550000}3069/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.405{ec230001-8059-6262-a446-33255b550000}3069/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.405{ec230001-8059-6262-a446-33255b550000}3069/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.405{ec230001-8059-6262-a446-33255b550000}3069/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.405{ec230001-8059-6262-a446-33255b550000}3069/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.405{ec230001-8059-6262-70d8-254bce550000}3069/usr/bin/snaproot 534500x80000000000000002144397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.406{ec230001-8059-6262-6852-ce3619560000}3068/bin/dashroot 534500x80000000000000002144396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.406{ec230001-8059-6262-a446-33255b550000}3069/snap/snapd/15534/usr/bin/snaproot 154100x80000000000000002144398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.407{ec230001-8059-6262-6802-842858550000}3084/bin/dash-----sh -c [ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke || true/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}3083--- 154100x80000000000000002144399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.408{ec230001-8059-6262-eaee-6275f7550000}3085/usr/lib/ubuntu-advantage/apt-esm-hook-----/usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke/tmproot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8059-6262-6802-842858550000}3084/bin/dashshroot 534500x80000000000000002144402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.411{ec230001-804f-6262-60ea-87805b550000}3083-root 534500x80000000000000002144401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.411{ec230001-8059-6262-6802-842858550000}3084/bin/dashroot 534500x80000000000000002144400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.411{ec230001-8059-6262-eaee-6275f7550000}3085/usr/lib/ubuntu-advantage/apt-esm-hookroot 154100x80000000000000002144403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.423{ec230001-8059-6262-b933-f57fcd550000}3086/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 534500x80000000000000002144404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.428{ec230001-8059-6262-b933-f57fcd550000}3086/usr/lib/apt/methods/httproot 154100x80000000000000002144405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.437{ec230001-8059-6262-68e2-d8e688550000}3087/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 154100x80000000000000002144413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.438{ec230001-8059-6262-a476-366bb3550000}3088/snap/snapd/15534/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8059-6262-68e2-d8e688550000}3087/bin/dash/bin/shroot 154100x80000000000000002144406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.438{ec230001-8059-6262-7058-989250560000}3088/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8059-6262-68e2-d8e688550000}3087/bin/dash/bin/shroot 534500x80000000000000002144412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.453{ec230001-8059-6262-7058-989250560000}3088/usr/bin/snaproot 534500x80000000000000002144411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.453{ec230001-8059-6262-7058-989250560000}3088/usr/bin/snaproot 534500x80000000000000002144410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.453{ec230001-8059-6262-7058-989250560000}3088/usr/bin/snaproot 534500x80000000000000002144409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.453{ec230001-8059-6262-7058-989250560000}3088/usr/bin/snaproot 534500x80000000000000002144408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.453{ec230001-8059-6262-7058-989250560000}3088/usr/bin/snaproot 534500x80000000000000002144407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.453{ec230001-8059-6262-7058-989250560000}3088/usr/bin/snaproot 534500x80000000000000002144420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.472{ec230001-8059-6262-a476-366bb3550000}3088/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.472{ec230001-8059-6262-a476-366bb3550000}3088/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.472{ec230001-8059-6262-a476-366bb3550000}3088/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.472{ec230001-8059-6262-a476-366bb3550000}3088/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.472{ec230001-8059-6262-a476-366bb3550000}3088/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.472{ec230001-8059-6262-a476-366bb3550000}3088/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.472{ec230001-8059-6262-7058-989250560000}3088/usr/bin/snaproot 534500x80000000000000002144422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.473{ec230001-8059-6262-68e2-d8e688550000}3087/bin/dashroot 534500x80000000000000002144421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.473{ec230001-8059-6262-a476-366bb3550000}3088/snap/snapd/15534/usr/bin/snaproot 154100x80000000000000002144423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.479{ec230001-8059-6262-68b2-261466550000}3102/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 154100x80000000000000002144432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.481{ec230001-8059-6262-a416-868c5b550000}3103/snap/snapd/15534/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8059-6262-68b2-261466550000}3102/bin/dash/bin/shroot 154100x80000000000000002144424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.481{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8059-6262-68b2-261466550000}3102/bin/dash/bin/shroot 534500x80000000000000002144431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.494{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snaproot 534500x80000000000000002144430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.494{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snaproot 534500x80000000000000002144429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.494{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snaproot 534500x80000000000000002144428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.494{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snaproot 534500x80000000000000002144427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.494{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snaproot 534500x80000000000000002144426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.494{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snaproot 534500x80000000000000002144425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.494{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snaproot 534500x80000000000000002144438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.511{ec230001-8059-6262-a416-868c5b550000}3103/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.511{ec230001-8059-6262-a416-868c5b550000}3103/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.511{ec230001-8059-6262-a416-868c5b550000}3103/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.511{ec230001-8059-6262-a416-868c5b550000}3103/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.511{ec230001-8059-6262-a416-868c5b550000}3103/snap/snapd/15534/usr/bin/snaproot 534500x80000000000000002144433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.511{ec230001-8059-6262-7068-3241d5550000}3103/usr/bin/snaproot 534500x80000000000000002144440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.512{ec230001-8059-6262-68b2-261466550000}3102/bin/dashroot 534500x80000000000000002144439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:53.512{ec230001-8059-6262-a416-868c5b550000}3103/snap/snapd/15534/usr/bin/snaproot 354300x80000000000000002144441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.241{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36510-false10.0.1.12-8000- 23542300x80000000000000002144451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.ohLVIS--- 23542300x80000000000000002144450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.FQli5f--- 23542300x80000000000000002144449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.6GeFrD--- 23542300x80000000000000002144448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.BXp2N0--- 23542300x80000000000000002144447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.KnTpao--- 23542300x80000000000000002144446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.zIENwL--- 23542300x80000000000000002144445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.ofIbT8--- 23542300x80000000000000002144444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.B82zfw--- 23542300x80000000000000002144443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.ohHYBT--- 23542300x80000000000000002144442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.518{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/cache/apt/archives/partial/.apt-acquire-privs-test.HUFnYg--- 154100x80000000000000002144452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.519{ec230001-805b-6262-b9e3-003e45560000}3117/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 354300x80000000000000002144455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.527{ec230001-805b-6262-b9e3-003e45560000}3117/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-56485-false127.0.0.53-53- 354300x80000000000000002144454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.527{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-50992- 354300x80000000000000002144453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.527{ec230001-805b-6262-b9e3-003e45560000}3117/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-50992-false127.0.0.53-53- 354300x80000000000000002144457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.528{ec230001-805b-6262-b9e3-003e45560000}3117/usr/lib/apt/methods/httproottcptruefalse10.0.1.20-56552-false52.15.158.54-80- 354300x80000000000000002144456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.528{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-56485- 534500x80000000000000002144458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.596{ec230001-805b-6262-b9e3-003e45560000}3117/usr/lib/apt/methods/http_apt 23542300x80000000000000002144459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.597{ec230001-8058-6262-9855-9736ae550000}3065root/usr/bin/apt/var/log/apt/eipp.log.xz--- 154100x80000000000000002144460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.681{ec230001-805b-6262-68c2-a6bff9550000}3118/bin/dash-----/bin/sh -c /usr/sbin/dpkg-preconfigure --apt || true/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-8058-6262-9855-9736ae550000}3065/usr/bin/aptaptroot 154100x80000000000000002144461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.682{ec230001-805b-6262-98c7-c29a09560000}3119/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/dpkg-preconfigure --apt/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-805b-6262-68c2-a6bff9550000}3118/bin/dash/bin/shroot 154100x80000000000000002144462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.747{ec230001-805b-6262-3080-af1adc550000}3120/usr/bin/locale-----locale charmap/home/ubunturoot{ec230001-0000-0000-0000-000000000000}01no level-{ec230001-805b-6262-98c7-c29a09560000}3119/usr/bin/perl/usr/bin/perlroot 534500x80000000000000002144463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 10:15:55.748{ec230001-805b-6262-3080-af1adc550000}3120/usr/bin/localeroot 154100x80000000000000002144464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-