354300x800000000000000026090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:19.783{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54584-false10.0.1.12-8000- 354300x800000000000000026091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:23.286{ec2a2542-1080-6254-602c-d54703560000}1780/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-34296-false10.0.1.12-8089- 354300x800000000000000026092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:25.650{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54588-false10.0.1.12-8000- 354300x800000000000000026093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:30.676{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54590-false10.0.1.12-8000- 154100x800000000000000026094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:31.560{ec2a2542-2813-6254-68a4-1af27c550000}2544/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}938--- 534500x800000000000000026095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:31.571{ec2a2542-2813-6254-68a4-1af27c550000}2544/bin/psroot 23542300x800000000000000026096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:31.815{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x800000000000000026097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:35.815{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54592-false10.0.1.12-8000- 354300x800000000000000026098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:41.689{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54594-false10.0.1.12-8000- 354300x800000000000000026099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:46.759{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54596-false10.0.1.12-8000- 354300x800000000000000026100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:52.693{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54598-false10.0.1.12-8000- 354300x800000000000000026101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:57.749{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54600-false10.0.1.12-8000- 23542300x800000000000000026102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:01.814{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x800000000000000026103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:02.803{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54602-false10.0.1.12-8000- 354300x800000000000000026104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:08.599{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54604-false10.0.1.12-8000- 354300x800000000000000026105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:13.645{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54606-false10.0.1.12-8000- 354300x800000000000000026106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:18.813{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54608-false10.0.1.12-8000- 354300x800000000000000026107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:23.291{ec2a2542-1080-6254-602c-d54703560000}1780/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-34320-false10.0.1.12-8089- 354300x800000000000000026108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:24.642{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54612-false10.0.1.12-8000- 354300x800000000000000026109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:29.741{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54614-false10.0.1.12-8000- 23542300x800000000000000026110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:31.816{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 154100x800000000000000026111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:32.573{ec2a2542-2850-6254-68a4-7d491f560000}2545/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}938--- 534500x800000000000000026112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:32.590{ec2a2542-2850-6254-68a4-7d491f560000}2545/bin/psroot 354300x800000000000000026113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:34.779{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54616-false10.0.1.12-8000- 354300x800000000000000026114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:40.625{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54618-false10.0.1.12-8000- 354300x800000000000000026115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:45.818{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54620-false10.0.1.12-8000- 354300x800000000000000026116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:51.693{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54622-false10.0.1.12-8000- 354300x800000000000000026117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:56.776{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54624-false10.0.1.12-8000- 23542300x800000000000000026118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:01.813{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x800000000000000026119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:02.605{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54626-false10.0.1.12-8000- 354300x800000000000000026120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:07.684{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54628-false10.0.1.12-8000- 354300x800000000000000026121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:13.677{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54630-false10.0.1.12-8000- 354300x800000000000000026122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:19.626{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54632-false10.0.1.12-8000- 354300x800000000000000026123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:23.295{ec2a2542-1080-6254-602c-d54703560000}1780/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-34344-false10.0.1.12-8089- 354300x800000000000000026124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:24.670{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54636-false10.0.1.12-8000- 354300x800000000000000026125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:30.665{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54638-false10.0.1.12-8000- 23542300x800000000000000026126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:31.814{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 154100x800000000000000026127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:33.650{ec2a2542-288d-6254-6874-b67dda550000}2546/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}938--- 534500x800000000000000026128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:33.660{ec2a2542-288d-6254-6874-b67dda550000}2546/bin/psroot 354300x800000000000000026129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:35.667{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54640-false10.0.1.12-8000- 354300x800000000000000026130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:40.757{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54642-false10.0.1.12-8000- 534500x800000000000000026131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:45.241{ec2a2542-0ff8-6254-c88a-1cbc6c550000}452/lib/systemd/systemd-journaldroot 354300x800000000000000026132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:45.827{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54644-false10.0.1.12-8000- 354300x800000000000000026133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:51.664{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54646-false10.0.1.12-8000- 354300x800000000000000026134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:56.664{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54648-false10.0.1.12-8000- 354300x800000000000000026135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:01.704{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54650-false10.0.1.12-8000- 23542300x800000000000000026136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:01.815{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x800000000000000026137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:06.760{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54652-false10.0.1.12-8000- 354300x800000000000000026138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:12.720{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54654-false10.0.1.12-8000- 354300x800000000000000026139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:17.726{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54656-false10.0.1.12-8000- 354300x800000000000000026140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:23.301{ec2a2542-1080-6254-602c-d54703560000}1780/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-34368-false10.0.1.12-8089- 354300x800000000000000026141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:23.708{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54660-false10.0.1.12-8000- 354300x800000000000000026142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:29.614{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54662-false10.0.1.12-8000- 23542300x800000000000000026143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:31.770{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x800000000000000026144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:34.633{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54664-false10.0.1.12-8000- 154100x800000000000000026145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:34.662{ec2a2542-28ca-6254-68c4-b80a29560000}2548/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}938--- 534500x800000000000000026146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:34.673{ec2a2542-28ca-6254-68c4-b80a29560000}2548/bin/psroot 354300x800000000000000026147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:39.749{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54666-false10.0.1.12-8000- 354300x800000000000000026148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:45.705{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54668-false10.0.1.12-8000- 354300x800000000000000026149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:50.707{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54670-false10.0.1.12-8000- 354300x800000000000000026150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:56.649{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54672-false10.0.1.12-8000- 23542300x800000000000000026151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:01.691{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x800000000000000026152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:01.793{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54674-false10.0.1.12-8000- 354300x800000000000000026153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:07.633{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54676-false10.0.1.12-8000- 354300x800000000000000026154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:12.638{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54678-false10.0.1.12-8000- 354300x800000000000000026155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:17.757{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54680-false10.0.1.12-8000- 354300x800000000000000026156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:22.763{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54682-false10.0.1.12-8000- 354300x800000000000000026157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:23.316{ec2a2542-1080-6254-602c-d54703560000}1780/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-34394-false10.0.1.12-8089- 354300x800000000000000026158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:23.663{ec2a2542-0ffd-6254-e0d7-7e6a46560000}1010/usr/sbin/sshdroottcpfalsefalse10.0.1.14-63205-false10.0.1.20-22- 154100x800000000000000026159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:23.664{ec2a2542-28fb-6254-e0e7-64420e560000}2549/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1010--- 23542300x800000000000000026161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.365{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x800000000000000026160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.365{00000000-0000-0000-0000-000000000000}2550<unknown process>sshd 534500x800000000000000026162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.366{00000000-0000-0000-0000-000000000000}2551<unknown process>root 154100x800000000000000026163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.383{ec2a2542-28fe-6254-5819-477f1c560000}2552/lib/systemd/systemd-----/lib/systemd/systemd --user/ubuntu{ec2a2542-0000-0000-e803-000000000000}10003no level-{ec2a2542-0ff1-6254-58a9-8a1e10560000}1/lib/systemd/systemd/sbin/initroot 534500x800000000000000026171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.398{00000000-0000-0000-0000-000000000000}2554<unknown process>root 534500x800000000000000026169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.398{ec2a2542-28fe-6254-0000-000000000000}2562-root 534500x800000000000000026167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.398{ec2a2542-28fe-6254-0000-000000000000}2558-root 534500x800000000000000026166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.398{ec2a2542-28fe-6254-0000-000000000000}2556-root 534500x800000000000000026165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.398{ec2a2542-28fe-6254-0000-000000000000}2555-root 23542300x800000000000000026164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.398{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x800000000000000026173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.399{00000000-0000-0000-0000-000000000000}2559<unknown process>root 534500x800000000000000026172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.399{00000000-0000-0000-0000-000000000000}2553<unknown process>root 534500x800000000000000026170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.399{ec2a2542-28fe-6254-0000-000000000000}2561-root 534500x800000000000000026168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.399{ec2a2542-28fe-6254-0000-000000000000}2560-root 154100x800000000000000026174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.401{ec2a2542-28fe-6254-d0a2-94eed3550000}2568/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator-----/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator/ubuntu{ec2a2542-0000-0000-e803-000000000000}10003no level-{00000000-0000-0000-0000-000000000000}2564--- 23542300x800000000000000026175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.402{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x800000000000000026178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.403{00000000-0000-0000-0000-000000000000}2563<unknown process>root 534500x800000000000000026177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.403{00000000-0000-0000-0000-000000000000}2565<unknown process>root 534500x800000000000000026176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.403{ec2a2542-28fe-6254-0000-000000000000}2566-root 534500x800000000000000026179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.404{ec2a2542-28fe-6254-0000-000000000000}2567-root 534500x800000000000000026180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.406{ec2a2542-28fe-6254-d0a2-94eed3550000}2568/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generatorubuntu 154100x800000000000000026181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.408{ec2a2542-28fe-6254-08a4-a63098550000}2569/bin/bash-----/bin/bash /usr/lib/systemd/user-environment-generators/90gpg-agent/ubuntu{ec2a2542-0000-0000-e803-000000000000}10003no level-{00000000-0000-0000-0000-000000000000}2564--- 154100x800000000000000026182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.410{ec2a2542-28fe-6254-b0ff-2f9933560000}2570/usr/bin/gpgconf-----gpgconf --list-dirs agent-socket/ubuntu{ec2a2542-0000-0000-e803-000000000000}10003no level-{ec2a2542-28fe-6254-08a4-a63098550000}2569/bin/bash/bin/bashubuntu 534500x800000000000000026185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.414{00000000-0000-0000-0000-000000000000}2572<unknown process>root 534500x800000000000000026184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.414{ec2a2542-28fe-6254-0000-000000000000}2571-root 23542300x800000000000000026183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.414{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x800000000000000026186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.415{ec2a2542-28fe-6254-b0ff-2f9933560000}2570/usr/bin/gpgconfubuntu 154100x800000000000000026188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.416{ec2a2542-28fe-6254-f02c-37d046560000}2575/usr/bin/gawk-----awk -F: /^enable-ssh-support:/{ print $10 }/ubuntu{ec2a2542-0000-0000-e803-000000000000}10003no level-{00000000-0000-0000-0000-000000000000}2573--- 154100x800000000000000026187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.416{ec2a2542-28fe-6254-b05f-577827560000}2574/usr/bin/gpgconf-----gpgconf --list-options gpg-agent/ubuntu{ec2a2542-0000-0000-e803-000000000000}10003no level-{00000000-0000-0000-0000-000000000000}2573--- 154100x800000000000000026189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.418{ec2a2542-28fe-6254-c815-43c74f560000}2576/usr/bin/gpg-agent-----gpg-agent --gpgconf-list/ubuntu{ec2a2542-0000-0000-e803-000000000000}10003no level-{ec2a2542-28fe-6254-b05f-577827560000}2574/usr/bin/gpgconfgpgconfubuntu 534500x800000000000000026190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.427{ec2a2542-28fe-6254-c815-43c74f560000}2576/usr/bin/gpg-agentubuntu 534500x800000000000000026194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.428{ec2a2542-28fe-6254-08a4-a63098550000}2569/bin/bashubuntu 534500x800000000000000026193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.428{00000000-0000-0000-0000-000000000000}2573<unknown process>ubuntu 534500x800000000000000026192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.428{ec2a2542-28fe-6254-f02c-37d046560000}2575/usr/bin/gawkubuntu 534500x800000000000000026191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.428{ec2a2542-28fe-6254-b05f-577827560000}2574/usr/bin/gpgconfubuntu 534500x800000000000000026195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.429{ec2a2542-28fe-6254-0000-000000000000}2564-ubuntu 534500x800000000000000026196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.430{00000000-0000-0000-0000-000000000000}2577<unknown process>ubuntu 154100x800000000000000026197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.458{ec2a2542-28fe-6254-d0fc-328b33560000}2578/bin/systemctl-----/bin/systemctl --user set-environment DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus/home/ubuntuubuntu{ec2a2542-0000-0000-e803-000000000000}10003no level-{ec2a2542-28fe-6254-5819-477f1c560000}2552/lib/systemd/systemd/lib/systemd/systemdubuntu 534500x800000000000000026198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.464{ec2a2542-28fe-6254-d0fc-328b33560000}2578/bin/systemctlubuntu 154100x800000000000000026199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.468{ec2a2542-28fe-6254-6852-1be5ad550000}2579/bin/dash-----sh -c /usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fb-6254-e0e7-64420e560000}2549/usr/sbin/sshd/usr/sbin/sshdroot 154100x800000000000000026201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.469{ec2a2542-28fe-6254-381a-7a14dc550000}2580/bin/run-parts-----run-parts --lsbsysinit /etc/update-motd.d/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-6852-1be5ad550000}2579/bin/dashshroot 154100x800000000000000026200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.469{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env-----/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-6852-1be5ad550000}2579/bin/dashshroot 154100x800000000000000026202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.471{ec2a2542-28fe-6254-6832-e3ab78550000}2581/bin/dash-----/bin/sh /etc/update-motd.d/00-header/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 154100x800000000000000026205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.475{ec2a2542-28fe-6254-807e-f13d6e550000}2583/bin/uname-----uname -r/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-6832-e3ab78550000}2581/bin/dash/bin/shroot 534500x800000000000000026204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.475{ec2a2542-28fe-6254-80ae-3cc7e1550000}2582/bin/unameroot 154100x800000000000000026203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.475{ec2a2542-28fe-6254-80ae-3cc7e1550000}2582/bin/uname-----uname -o/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-6832-e3ab78550000}2581/bin/dash/bin/shroot 534500x800000000000000026208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.479{ec2a2542-28fe-6254-80de-e782cd550000}2584/bin/unameroot 154100x800000000000000026207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.479{ec2a2542-28fe-6254-80de-e782cd550000}2584/bin/uname-----uname -m/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-6832-e3ab78550000}2581/bin/dash/bin/shroot 534500x800000000000000026206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.479{ec2a2542-28fe-6254-807e-f13d6e550000}2583/bin/unameroot 154100x800000000000000026210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.480{ec2a2542-28fe-6254-6882-8b6436560000}2585/bin/dash-----/bin/sh /etc/update-motd.d/10-help-text/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 534500x800000000000000026209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.480{ec2a2542-28fe-6254-6832-e3ab78550000}2581/bin/dashroot 534500x800000000000000026212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.481{ec2a2542-28fe-6254-6882-8b6436560000}2585/bin/dashroot 23542300x800000000000000026211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.481{ec2a2542-0ff8-6254-c88a-1cbc6c550000}452root/lib/systemd/systemd-journald/run/systemd/journal/streams/9:34242--- 154100x800000000000000026213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.482{ec2a2542-28fe-6254-6802-7e74bc550000}2586/bin/dash-----/bin/sh /etc/update-motd.d/50-landscape-sysinfo/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 154100x800000000000000026214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.484{ec2a2542-28fe-6254-509c-8bf64b560000}2587/bin/grep-----grep -c ^processor /proc/cpuinfo/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-6802-7e74bc550000}2586/bin/dash/bin/shroot 154100x800000000000000026219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.485{ec2a2542-28fe-6254-989f-a40a04560000}2590/usr/bin/bc-----bc/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2588--- 154100x800000000000000026216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.485{ec2a2542-28fe-6254-b8e0-b577ad550000}2591/usr/bin/cut-----cut -f1 -d /proc/loadavg/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2589--- 534500x800000000000000026215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.485{ec2a2542-28fe-6254-509c-8bf64b560000}2587/bin/greproot 534500x800000000000000026218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.486{00000000-0000-0000-0000-000000000000}2589<unknown process>root 534500x800000000000000026217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.486{ec2a2542-28fe-6254-b8e0-b577ad550000}2591/usr/bin/cutroot 154100x800000000000000026222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.488{ec2a2542-28fe-6254-080f-e12850560000}2592/bin/date-----/bin/date/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-6802-7e74bc550000}2586/bin/dash/bin/shroot 534500x800000000000000026221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.488{ec2a2542-28fe-6254-0000-000000000000}2588-root 534500x800000000000000026220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.488{ec2a2542-28fe-6254-989f-a40a04560000}2590/usr/bin/bcroot 154100x800000000000000026224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.489{ec2a2542-28fe-6254-a036-7b0000000000}2593/usr/bin/python3.6-----/usr/bin/python3 /usr/bin/landscape-sysinfo/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-6802-7e74bc550000}2586/bin/dash/bin/shroot 534500x800000000000000026223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.489{ec2a2542-28fe-6254-080f-e12850560000}2592/bin/dateroot 154100x800000000000000026226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.700{ec2a2542-28fe-6254-b8d1-47a8f87f0000}2594/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-a036-7b0000000000}2593/usr/bin/python3.6/usr/bin/python3root 154100x800000000000000026225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.700{ec2a2542-28fe-6254-68f2-918200560000}2594/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-a036-7b0000000000}2593/usr/bin/python3.6/usr/bin/python3root 534500x800000000000000026227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.701{ec2a2542-28fe-6254-68f2-918200560000}2594/bin/dashroot 154100x800000000000000026229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.774{ec2a2542-28fe-6254-b8c1-49bc947f0000}2595/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-a036-7b0000000000}2593/usr/bin/python3.6/usr/bin/python3root 154100x800000000000000026228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.774{ec2a2542-28fe-6254-6802-a1b060550000}2595/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-a036-7b0000000000}2593/usr/bin/python3.6/usr/bin/python3root 534500x800000000000000026230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.776{ec2a2542-28fe-6254-6802-a1b060550000}2595/bin/dashroot 534500x800000000000000026231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.020{00000000-0000-0000-0000-000000000000}2596<unknown process>root 154100x800000000000000026232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.089{ec2a2542-28ff-6254-f003-ba8fb3550000}2597/usr/bin/who-----who -q/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-a036-7b0000000000}2593/usr/bin/python3.6/usr/bin/python3root 534500x800000000000000026233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.093{ec2a2542-28ff-6254-f003-ba8fb3550000}2597/usr/bin/whoroot 154100x800000000000000026236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.164{ec2a2542-28ff-6254-68f2-ff1ec2550000}2598/bin/dash-----/bin/sh /etc/update-motd.d/50-motd-news/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 534500x800000000000000026235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.164{ec2a2542-28fe-6254-6802-7e74bc550000}2586/bin/dashroot 534500x800000000000000026234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.164{ec2a2542-28fe-6254-a036-7b0000000000}2593/usr/bin/python3.6root 154100x800000000000000026241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.165{ec2a2542-28ff-6254-e095-7589dd550000}2601/usr/bin/tr-----tr -d \000-\011\013\014\016-\037/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68f2-ff1ec2550000}2598/bin/dash/bin/shroot 154100x800000000000000026239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.165{ec2a2542-28ff-6254-b820-36d485550000}2602/usr/bin/cut-----cut -c -80/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68f2-ff1ec2550000}2598/bin/dash/bin/shroot 154100x800000000000000026238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.165{ec2a2542-28ff-6254-78a2-794cd3550000}2600/usr/bin/head-----head -n 10/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68f2-ff1ec2550000}2598/bin/dash/bin/shroot 154100x800000000000000026237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.165{ec2a2542-28ff-6254-d0b9-219a33560000}2599/bin/cat-----cat /var/cache/motd-news/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68f2-ff1ec2550000}2598/bin/dash/bin/shroot 534500x800000000000000026243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.166{ec2a2542-28ff-6254-d0b9-219a33560000}2599/bin/catroot 534500x800000000000000026240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.166{ec2a2542-28ff-6254-78a2-794cd3550000}2600/usr/bin/headroot 154100x800000000000000026246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.167{ec2a2542-28ff-6254-6802-79df01560000}2603/bin/dash-----/bin/sh /etc/update-motd.d/88-esm-announce/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 534500x800000000000000026245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.167{ec2a2542-28ff-6254-68f2-ff1ec2550000}2598/bin/dashroot 534500x800000000000000026244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.167{ec2a2542-28ff-6254-b820-36d485550000}2602/usr/bin/cutroot 534500x800000000000000026242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.167{ec2a2542-28ff-6254-e095-7589dd550000}2601/usr/bin/trroot 534500x800000000000000026247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.171{ec2a2542-28ff-6254-6802-79df01560000}2603/bin/dashroot 154100x800000000000000026248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.172{ec2a2542-28ff-6254-6832-2960bd550000}2604/bin/dash-----/bin/sh /etc/update-motd.d/90-updates-available/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 154100x800000000000000026249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.173{ec2a2542-28ff-6254-d079-d6330e560000}2605/bin/cat-----cat /var/lib/update-notifier/updates-available/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-6832-2960bd550000}2604/bin/dash/bin/shroot 154100x800000000000000026252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.174{ec2a2542-28ff-6254-6882-9d7f5b550000}2606/bin/dash-----/bin/sh /etc/update-motd.d/91-contract-ua-esm-status/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 534500x800000000000000026251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.174{ec2a2542-28ff-6254-6832-2960bd550000}2604/bin/dashroot 534500x800000000000000026250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.174{ec2a2542-28ff-6254-d079-d6330e560000}2605/bin/catroot 154100x800000000000000026260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.175{ec2a2542-28ff-6254-6872-2e966e550000}2607/bin/dash-----/bin/sh -e /usr/lib/ubuntu-release-upgrader/release-upgrade-motd/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 154100x800000000000000026254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.175{ec2a2542-28ff-6254-6812-973102560000}2607/bin/dash-----/bin/sh /etc/update-motd.d/91-release-upgrade/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 534500x800000000000000026253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.175{ec2a2542-28ff-6254-6882-9d7f5b550000}2606/bin/dashroot 154100x800000000000000026256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.176{ec2a2542-28ff-6254-b840-ada5bc550000}2610/usr/bin/cut-----cut -d -f4/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2608--- 154100x800000000000000026255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.176{ec2a2542-28ff-6254-a036-7b0000000000}2609/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -sd/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2608--- 534500x800000000000000026259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.231{ec2a2542-28fe-6254-0000-000000000000}2608-root 534500x800000000000000026258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.231{ec2a2542-28ff-6254-b840-ada5bc550000}2610/usr/bin/cutroot 534500x800000000000000026257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.231{ec2a2542-28ff-6254-a036-7b0000000000}2609/usr/bin/python3.6root 154100x800000000000000026261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.233{ec2a2542-28ff-6254-08df-5e2a8e550000}2611/bin/date-----date +%s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-6812-973102560000}2607/bin/dash/bin/shroot 154100x800000000000000026263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.234{ec2a2542-28ff-6254-8834-e3c6a4550000}2612/usr/bin/stat-----stat -c %Y /var/lib/ubuntu-release-upgrader/release-upgrade-available/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-6812-973102560000}2607/bin/dash/bin/shroot 534500x800000000000000026262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.234{ec2a2542-28ff-6254-08df-5e2a8e550000}2611/bin/dateroot 154100x800000000000000026265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.236{ec2a2542-28ff-6254-98e5-81b8ef550000}2613/usr/bin/expr-----expr 1649433960 + 86400/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-6812-973102560000}2607/bin/dash/bin/shroot 534500x800000000000000026264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.236{ec2a2542-28ff-6254-8834-e3c6a4550000}2612/usr/bin/statroot 154100x800000000000000026268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.238{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6-----/usr/bin/python3 /usr/lib/ubuntu-release-upgrader/check-new-release -q/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-0ff1-6254-58a9-8a1e10560000}1/lib/systemd/systemd/sbin/initroot 534500x800000000000000026266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.238{ec2a2542-28ff-6254-98e5-81b8ef550000}2613/usr/bin/exprroot 154100x800000000000000026270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.239{ec2a2542-28ff-6254-6872-99c685550000}2615/bin/dash-----/bin/sh /usr/share/unattended-upgrades/update-motd-unattended-upgrades/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 154100x800000000000000026269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.239{ec2a2542-28ff-6254-6842-8317e4550000}2615/bin/dash-----/bin/sh /etc/update-motd.d/92-unattended-upgrades/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 534500x800000000000000026267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.239{ec2a2542-28ff-6254-6812-973102560000}2607/bin/dashroot 154100x800000000000000026273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.241{ec2a2542-28ff-6254-68d2-a877e1550000}2616/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 154100x800000000000000026272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.241{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash-----/bin/sh /etc/update-motd.d/95-hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 534500x800000000000000026271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.241{ec2a2542-28ff-6254-6842-8317e4550000}2615/bin/dashroot 154100x800000000000000026274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.244{ec2a2542-28ff-6254-7334-c6f919560000}2617/usr/bin/apt-config-----apt-config shell StateDir Dir::State/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot 154100x800000000000000026275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.248{ec2a2542-28ff-6254-70f1-e971a7550000}2618/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-7334-c6f919560000}2617/usr/bin/apt-configapt-configroot 534500x800000000000000026277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.250{ec2a2542-28ff-6254-7334-c6f919560000}2617/usr/bin/apt-configroot 534500x800000000000000026276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.250{ec2a2542-28ff-6254-70f1-e971a7550000}2618/usr/bin/dpkgroot 154100x800000000000000026278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.251{ec2a2542-28ff-6254-73c4-ae81c5550000}2619/usr/bin/apt-config-----apt-config shell ListDir Dir::State::Lists/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot 154100x800000000000000026279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.255{ec2a2542-28ff-6254-70e1-cbb829560000}2620/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-73c4-ae81c5550000}2619/usr/bin/apt-configapt-configroot 534500x800000000000000026280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.257{ec2a2542-28ff-6254-70e1-cbb829560000}2620/usr/bin/dpkgroot 154100x800000000000000026282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.258{ec2a2542-28ff-6254-73c4-81a75b550000}2621/usr/bin/apt-config-----apt-config shell DpkgStatus Dir::State::status/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot 534500x800000000000000026281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.258{ec2a2542-28ff-6254-73c4-ae81c5550000}2619/usr/bin/apt-configroot 154100x800000000000000026283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.262{ec2a2542-28ff-6254-7001-5bedf8550000}2622/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-73c4-81a75b550000}2621/usr/bin/apt-configapt-configroot 534500x800000000000000026284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.264{ec2a2542-28ff-6254-7001-5bedf8550000}2622/usr/bin/dpkgroot 154100x800000000000000026286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.265{ec2a2542-28ff-6254-73a4-89492e560000}2623/usr/bin/apt-config-----apt-config shell EtcDir Dir::Etc/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot 534500x800000000000000026285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.265{ec2a2542-28ff-6254-73c4-81a75b550000}2621/usr/bin/apt-configroot 154100x800000000000000026287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.270{ec2a2542-28ff-6254-7031-9e8f43560000}2624/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-73a4-89492e560000}2623/usr/bin/apt-configapt-configroot 534500x800000000000000026289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.272{ec2a2542-28ff-6254-73a4-89492e560000}2623/usr/bin/apt-configroot 534500x800000000000000026288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.272{ec2a2542-28ff-6254-7031-9e8f43560000}2624/usr/bin/dpkgroot 154100x800000000000000026290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.275{ec2a2542-28ff-6254-7354-66da9e550000}2625/usr/bin/apt-config-----apt-config shell SourceList Dir::Etc::sourcelist/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot 154100x800000000000000026291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.291{ec2a2542-28ff-6254-7031-d5198e550000}2626/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-7354-66da9e550000}2625/usr/bin/apt-configapt-configroot 534500x800000000000000026292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.293{ec2a2542-28ff-6254-7031-d5198e550000}2626/usr/bin/dpkgroot 534500x800000000000000026293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.294{ec2a2542-28ff-6254-7354-66da9e550000}2625/usr/bin/apt-configroot 154100x800000000000000026294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.295{ec2a2542-28ff-6254-9020-05831c560000}2627/usr/bin/find-----find /var/lib/apt/lists/ /etc/apt/sources.list //var/lib/dpkg/status -type f -newer /var/lib/update-notifier/hwe-eol -print -quit/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot 154100x800000000000000026298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.299{ec2a2542-28ff-6254-a820-bf4edf550000}2628/bin/mktemp-----mktemp -p /var/lib/update-notifier/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot 154100x800000000000000026296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.299{ec2a2542-28ff-6254-e858-3a7de1550000}2629/usr/bin/dirname-----dirname /var/lib/update-notifier/hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2628--- 534500x800000000000000026295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.299{ec2a2542-28ff-6254-9020-05831c560000}2627/usr/bin/findroot 534500x800000000000000026299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.300{ec2a2542-28ff-6254-a820-bf4edf550000}2628/bin/mktemproot 534500x800000000000000026297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.300{ec2a2542-28ff-6254-e858-3a7de1550000}2629/usr/bin/dirnameroot 154100x800000000000000026300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.301{ec2a2542-28ff-6254-a036-7b0000000000}2630/usr/bin/python3.6-----/usr/bin/python3 /usr/bin/hwe-support-status/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot 154100x800000000000000026301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.359{ec2a2542-28ff-6254-70a1-169da6550000}2631/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6/usr/bin/python3root 23542300x800000000000000026303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.361{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.e10XSt--- 534500x800000000000000026302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.361{ec2a2542-28ff-6254-70a1-169da6550000}2631/usr/bin/dpkgroot 23542300x800000000000000026304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.366{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.oSYGxU--- 23542300x800000000000000026305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.372{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.UWpkdl--- 23542300x800000000000000026306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.373{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.GepeTL--- 23542300x800000000000000026307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.375{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.S5Ipzc--- 23542300x800000000000000026308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.379{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.A4kkgD--- 23542300x800000000000000026309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.381{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.k8fuX3--- 23542300x800000000000000026310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.386{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.aursFu--- 23542300x800000000000000026311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.387{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.mAoHnV--- 23542300x800000000000000026312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.389{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.8zxa6l--- 23542300x800000000000000026313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.390{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.iv9QOM--- 23542300x800000000000000026314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.391{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.2qVKxd--- 23542300x800000000000000026315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.393{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.I5CUgE--- 23542300x800000000000000026316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.394{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.qzOj04--- 23542300x800000000000000026317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.396{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.UHxZJv--- 23542300x800000000000000026318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.397{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.2MLUtW--- 23542300x800000000000000026319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.399{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.wxS7dn--- 154100x800000000000000026320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.400{ec2a2542-28ff-6254-70a1-0d9cd9550000}2632/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6/usr/bin/python3root 534500x800000000000000026321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.403{ec2a2542-28ff-6254-70a1-0d9cd9550000}2632/usr/bin/dpkgroot 154100x800000000000000026322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.417{ec2a2542-28ff-6254-a036-7b0000000000}2633/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -c -s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-a036-7b0000000000}2630/usr/bin/python3.6/usr/bin/python3root 534500x800000000000000026323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.471{ec2a2542-28ff-6254-a036-7b0000000000}2633/usr/bin/python3.6root 154100x800000000000000026324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.472{ec2a2542-28ff-6254-70d1-8d5d8a550000}2634/usr/bin/dpkg-----dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-a036-7b0000000000}2630/usr/bin/python3.6/usr/bin/python3root 534500x800000000000000026325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.474{ec2a2542-28ff-6254-70d1-8d5d8a550000}2634/usr/bin/dpkgroot 534500x800000000000000026326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.493{ec2a2542-28ff-6254-a036-7b0000000000}2630/usr/bin/python3.6root 154100x800000000000000026327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.494{ec2a2542-28ff-6254-885b-49138c550000}2635/bin/mv-----mv /var/lib/update-notifier/tmp.I1AUa8mpL0 /var/lib/update-notifier/hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot 154100x800000000000000026329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.495{ec2a2542-28ff-6254-d019-be6f30560000}2636/bin/cat-----cat /var/lib/update-notifier/hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot 534500x800000000000000026328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.495{ec2a2542-28ff-6254-885b-49138c550000}2635/bin/mvroot 154100x800000000000000026331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.496{ec2a2542-28ff-6254-70c3-b0f470550000}2637/bin/rm-----rm -f /var/lib/update-notifier/tmp.I1AUa8mpL0/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot 534500x800000000000000026330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.496{ec2a2542-28ff-6254-d019-be6f30560000}2636/bin/catroot 534500x800000000000000026333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.497{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dashroot 534500x800000000000000026332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.497{ec2a2542-28ff-6254-70c3-b0f470550000}2637/bin/rmroot 154100x800000000000000026334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.498{ec2a2542-28ff-6254-6832-b8d736560000}2638/bin/dash-----/bin/sh /etc/update-motd.d/97-overlayroot/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 154100x800000000000000026336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.500{ec2a2542-28ff-6254-506c-d0beb0550000}2640/bin/grep-----grep -E overlayroot|/media/root-ro|/media/root-rw /proc/mounts/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2639--- 154100x800000000000000026335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.500{ec2a2542-28ff-6254-6862-9f47f9550000}2640/bin/dash-----/bin/sh /bin/egrep overlayroot|/media/root-ro|/media/root-rw /proc/mounts/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2639--- 154100x800000000000000026337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.501{ec2a2542-28ff-6254-188a-8f573a560000}2641/usr/bin/sort-----sort -r/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2639--- 534500x800000000000000026338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.502{ec2a2542-28ff-6254-6862-9f47f9550000}2640/bin/dashroot 534500x800000000000000026341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.503{ec2a2542-28ff-6254-6832-b8d736560000}2638/bin/dashroot 534500x800000000000000026340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.503{00000000-0000-0000-0000-000000000000}2639<unknown process>root 534500x800000000000000026339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.503{ec2a2542-28ff-6254-188a-8f573a560000}2641/usr/bin/sortroot 154100x800000000000000026343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.504{ec2a2542-28ff-6254-68b2-8f4745560000}2642/bin/dash-----/bin/sh /usr/lib/update-notifier/update-motd-fsck-at-reboot/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 154100x800000000000000026342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.504{ec2a2542-28ff-6254-68b2-aef142560000}2642/bin/dash-----/bin/sh /etc/update-motd.d/98-fsck-at-reboot/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 154100x800000000000000026344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.510{ec2a2542-28ff-6254-8894-11df70550000}2643/usr/bin/stat-----stat -c %Y /var/lib/update-notifier/fsck-at-reboot/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68b2-aef142560000}2642/bin/dash/bin/shroot 154100x800000000000000026348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.515{ec2a2542-28ff-6254-085f-9c25bc550000}2644/bin/date-----date -d now - 6414.04 seconds +%s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68b2-aef142560000}2642/bin/dash/bin/shroot 154100x800000000000000026346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.515{ec2a2542-28ff-6254-f0bc-7d628b550000}2645/usr/bin/gawk-----awk {print $1} /proc/uptime/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2644--- 534500x800000000000000026345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.515{ec2a2542-28ff-6254-8894-11df70550000}2643/usr/bin/statroot 154100x800000000000000026350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.518{ec2a2542-28ff-6254-086f-6c6ad4550000}2646/bin/date-----date +%s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68b2-aef142560000}2642/bin/dash/bin/shroot 534500x800000000000000026349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.518{ec2a2542-28ff-6254-085f-9c25bc550000}2644/bin/dateroot 534500x800000000000000026347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.518{ec2a2542-28ff-6254-f0bc-7d628b550000}2645/usr/bin/gawkroot 534500x800000000000000026351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.519{ec2a2542-28ff-6254-086f-6c6ad4550000}2646/bin/dateroot 154100x800000000000000026353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.521{ec2a2542-28ff-6254-f00c-0b0335560000}2649/usr/bin/gawk-----awk $5 ~ /^ext(2|3|4)$/ { print $1 }/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2647--- 154100x800000000000000026352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.521{ec2a2542-28ff-6254-a852-6d210f560000}2648/bin/mount-----mount/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2647--- 534500x800000000000000026355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.524{ec2a2542-28ff-6254-f00c-0b0335560000}2649/usr/bin/gawkroot 534500x800000000000000026354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.524{ec2a2542-28ff-6254-a852-6d210f560000}2648/bin/mountroot 154100x800000000000000026357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.528{ec2a2542-28ff-6254-689e-98588d550000}2650/sbin/dumpe2fs-----dumpe2fs -h /dev/nvme0n1p1/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68b2-aef142560000}2642/bin/dash/bin/shroot 534500x800000000000000026356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.528{00000000-0000-0000-0000-000000000000}2647<unknown process>root 924900x800000000000000026358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.530{ec2a2542-28ff-6254-689e-98588d550000}2650/sbin/dumpe2fs/dev/nvme0n1p1root 154100x800000000000000026360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.531{ec2a2542-28ff-6254-507c-dc0e61550000}2653/bin/grep-----grep ^Mount count:/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2651--- 534500x800000000000000026359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.531{ec2a2542-28ff-6254-689e-98588d550000}2650/sbin/dumpe2fsroot 154100x800000000000000026361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.532{ec2a2542-28ff-6254-b820-be6af5550000}2654/usr/bin/cut-----cut -d: -f 2-/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2651--- 534500x800000000000000026363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.534{ec2a2542-28ff-6254-507c-dc0e61550000}2653/bin/greproot 534500x800000000000000026362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.534{00000000-0000-0000-0000-000000000000}2652<unknown process>root 534500x800000000000000026365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.535{ec2a2542-28ff-6254-0000-000000000000}2651-root 534500x800000000000000026364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.535{ec2a2542-28ff-6254-b820-be6af5550000}2654/usr/bin/cutroot 154100x800000000000000026367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.542{ec2a2542-28ff-6254-506c-97c33e560000}2657/bin/grep-----grep ^Maximum mount count:/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2655--- 154100x800000000000000026368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.543{ec2a2542-28ff-6254-b850-591a24560000}2658/usr/bin/cut-----cut -d: -f 2-/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2655--- 534500x800000000000000026366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.543{ec2a2542-28ff-6254-0000-000000000000}2656-root 534500x800000000000000026370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.544{ec2a2542-28ff-6254-b850-591a24560000}2658/usr/bin/cutroot 534500x800000000000000026369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.544{ec2a2542-28ff-6254-506c-97c33e560000}2657/bin/greproot 534500x800000000000000026371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.549{00000000-0000-0000-0000-000000000000}2655<unknown process>root 154100x800000000000000026376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.550{ec2a2542-28ff-6254-b8d0-be8411560000}2663/usr/bin/cut-----cut -d( -f 1/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2659--- 154100x800000000000000026374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.550{ec2a2542-28ff-6254-b880-ba32d5550000}2662/usr/bin/cut-----cut -d: -f 2-/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2659--- 154100x800000000000000026373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.550{ec2a2542-28ff-6254-50fc-5c0f48560000}2661/bin/grep-----grep ^Check interval:/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2659--- 534500x800000000000000026372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.550{ec2a2542-28ff-6254-0000-000000000000}2660-root 534500x800000000000000026375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.551{ec2a2542-28ff-6254-50fc-5c0f48560000}2661/bin/greproot 534500x800000000000000026377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.555{ec2a2542-28ff-6254-b880-ba32d5550000}2662/usr/bin/cutroot 154100x800000000000000026382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.556{ec2a2542-28ff-6254-b8f0-6170dc550000}2667/usr/bin/cut-----cut -d: -f 2-/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2664--- 154100x800000000000000026381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.556{ec2a2542-28ff-6254-50cc-7c9070550000}2666/bin/grep-----grep ^Next check after:/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2664--- 534500x800000000000000026380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.556{ec2a2542-28ff-6254-0000-000000000000}2665-root 534500x800000000000000026379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.556{00000000-0000-0000-0000-000000000000}2659<unknown process>root 534500x800000000000000026378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.556{ec2a2542-28ff-6254-b8d0-be8411560000}2663/usr/bin/cutroot 534500x800000000000000026383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.561{ec2a2542-28ff-6254-50cc-7c9070550000}2666/bin/greproot 154100x800000000000000026386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.563{ec2a2542-28ff-6254-088f-e48175550000}2668/bin/date-----date -d +%s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68b2-aef142560000}2642/bin/dash/bin/shroot 534500x800000000000000026385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.563{00000000-0000-0000-0000-000000000000}2664<unknown process>root 534500x800000000000000026384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.563{ec2a2542-28ff-6254-b8f0-6170dc550000}2667/usr/bin/cutroot 534500x800000000000000026387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.564{ec2a2542-28ff-6254-088f-e48175550000}2668/bin/dateroot 154100x800000000000000026388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.565{ec2a2542-28ff-6254-d0f9-cdcb07560000}2669/bin/cat-----cat /var/lib/update-notifier/fsck-at-reboot/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68b2-aef142560000}2642/bin/dash/bin/shroot 534500x800000000000000026390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.566{ec2a2542-28ff-6254-68b2-aef142560000}2642/bin/dashroot 534500x800000000000000026389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.566{ec2a2542-28ff-6254-d0f9-cdcb07560000}2669/bin/catroot 154100x800000000000000026392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.567{ec2a2542-28ff-6254-6862-763267550000}2670/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-reboot-required/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 154100x800000000000000026391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.567{ec2a2542-28ff-6254-6892-7852c1550000}2670/bin/dash-----/bin/sh /etc/update-motd.d/98-reboot-required/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot 534500x800000000000000026395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.572{ec2a2542-28fe-6254-6852-1be5ad550000}2579/bin/dashroot 534500x800000000000000026394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.572{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/envroot 534500x800000000000000026393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.572{ec2a2542-28ff-6254-6892-7852c1550000}2670/bin/dashroot 154100x800000000000000026397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.631{ec2a2542-28ff-6254-30c5-b9c4a1550000}2672/usr/lib/openssh/sftp-server-----/usr/lib/openssh/sftp-server/home/ubuntuubuntu{ec2a2542-0000-0000-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2671--- 154100x800000000000000026396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.631{ec2a2542-28ff-6254-0874-2a80da550000}2672/bin/bash-----bash -c /usr/lib/openssh/sftp-server/home/ubuntuubuntu{ec2a2542-0000-0000-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2671--- 23542300x800000000000000026398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.757{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.0c1QWO--- 23542300x800000000000000026399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.761{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.McJlGg--- 23542300x800000000000000026400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.765{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.YKgzqI--- 23542300x800000000000000026401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.767{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.KoF2aa--- 23542300x800000000000000026402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.768{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.ANRLVB--- 23542300x800000000000000026403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.773{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.mWKcH3--- 23542300x800000000000000026404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.774{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.I29Ssv--- 23542300x800000000000000026405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.778{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.MrngfX--- 23542300x800000000000000026406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.780{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.QAvT1o--- 23542300x800000000000000026407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.781{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.IWKJOQ--- 23542300x800000000000000026408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.782{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.I7ZMBi--- 23542300x800000000000000026409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.783{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.oK22oK--- 23542300x800000000000000026410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.785{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.6Bszcc--- 23542300x800000000000000026411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.787{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.8XCt0D--- 23542300x800000000000000026412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.789{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.2P9DO5--- 23542300x800000000000000026413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.790{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.iFZ3Cx--- 354300x800000000000000026414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.791{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54686-false10.0.1.12-8000- 23542300x800000000000000026415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.792{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.wSfNrZ--- 154100x800000000000000026416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.795{ec2a2542-28ff-6254-a036-7b0000000000}2673/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -c -s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6/usr/bin/python3root 534500x800000000000000026417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.838{ec2a2542-28ff-6254-a036-7b0000000000}2673/usr/bin/python3.6root 154100x800000000000000026418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.844{ec2a2542-28ff-6254-a036-7b0000000000}2674/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -c -s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6/usr/bin/python3root 534500x800000000000000026419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.890{ec2a2542-28ff-6254-a036-7b0000000000}2674/usr/bin/python3.6root 154100x800000000000000026420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.892{ec2a2542-28ff-6254-a036-7b0000000000}2675/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -c -s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6/usr/bin/python3root 534500x800000000000000026421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.935{ec2a2542-28ff-6254-a036-7b0000000000}2675/usr/bin/python3.6root 154100x800000000000000026422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.937{ec2a2542-28ff-6254-a036-7b0000000000}2676/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -r -s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6/usr/bin/python3root 534500x800000000000000026423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.978{ec2a2542-28ff-6254-a036-7b0000000000}2676/usr/bin/python3.6root 354300x800000000000000026427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.991{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-44111-false10.0.0.2-53- 354300x800000000000000026426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.991{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-44520-false10.0.0.2-53- 354300x800000000000000026425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.991{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse0.0.0.0-0-false127.0.0.53-53- 354300x800000000000000026424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.991{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6rootudptruefalse127.0.0.1-45201-false127.0.0.53-53- 354300x800000000000000026428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:28.015{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-45201- 354300x800000000000000026429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:28.016{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6rootudpfalsefalse127.0.0.53-53-false127.0.0.1-45201- 534500x800000000000000026432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:28.081{00000000-0000-0000-0000-000000000000}2678<unknown process>root 534500x800000000000000026431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:28.081{ec2a2542-2900-6254-0000-000000000000}2679-root 23542300x800000000000000026430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:28.081{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue--- 354300x800000000000000026433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:28.102{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6roottcptruefalse10.0.1.20-35356-false91.189.91.49-443- 534500x800000000000000026434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:28.156{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6root 534500x800000000000000026435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:28.171{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6root 23542300x800000000000000026436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:31.814{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x800000000000000026437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:33.662{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54690-false10.0.1.12-8000- 154100x800000000000000026438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:35.733{ec2a2542-2907-6254-6844-7c6c82550000}2680/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}938--- 534500x800000000000000026439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:35.746{ec2a2542-2907-6254-6844-7c6c82550000}2680/bin/psroot 354300x800000000000000026440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:39.618{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54692-false10.0.1.12-8000- 354300x800000000000000026441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:44.703{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54694-false10.0.1.12-8000- 354300x800000000000000026442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:50.600{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54696-false10.0.1.12-8000- 354300x800000000000000026443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:55.796{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54698-false10.0.1.12-8000- 354300x800000000000000026444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:01.704{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54700-false10.0.1.12-8000- 23542300x800000000000000026445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:01.813{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 154100x800000000000000026447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:04.809{ec2a2542-2924-6254-e057-8c3ef0550000}2682/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1010--- 354300x800000000000000026446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:04.809{ec2a2542-0ffd-6254-e0d7-7e6a46560000}1010/usr/sbin/sshdroottcpfalsefalse212.187.221.38-52566-false10.0.1.20-22- 354300x800000000000000026448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:06.819{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54702-false10.0.1.12-8000- 534500x800000000000000026449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.500{00000000-0000-0000-0000-000000000000}2683<unknown process>sshd 154100x800000000000000026450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.507{ec2a2542-2927-6254-68f2-d1a948560000}2684/bin/dash-----sh -c /usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2924-6254-e057-8c3ef0550000}2682/usr/sbin/sshd/usr/sbin/sshdroot 154100x800000000000000026452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.508{ec2a2542-2927-6254-38ca-f77774550000}2685/bin/run-parts-----run-parts --lsbsysinit /etc/update-motd.d/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68f2-d1a948560000}2684/bin/dashshroot 154100x800000000000000026451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.508{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env-----/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68f2-d1a948560000}2684/bin/dashshroot 154100x800000000000000026453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.509{ec2a2542-2927-6254-68b2-f40fe9550000}2686/bin/dash-----/bin/sh /etc/update-motd.d/00-header/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 534500x800000000000000026455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.510{ec2a2542-2927-6254-80de-de6e19560000}2687/bin/unameroot 154100x800000000000000026454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.510{ec2a2542-2927-6254-80de-de6e19560000}2687/bin/uname-----uname -o/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68b2-f40fe9550000}2686/bin/dash/bin/shroot 154100x800000000000000026458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.511{ec2a2542-2927-6254-80ae-18a624560000}2689/bin/uname-----uname -m/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68b2-f40fe9550000}2686/bin/dash/bin/shroot 534500x800000000000000026457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.511{ec2a2542-2927-6254-808e-6e3476550000}2688/bin/unameroot 154100x800000000000000026456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.511{ec2a2542-2927-6254-808e-6e3476550000}2688/bin/uname-----uname -r/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68b2-f40fe9550000}2686/bin/dash/bin/shroot 154100x800000000000000026461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.512{ec2a2542-2927-6254-6862-a4fce2550000}2690/bin/dash-----/bin/sh /etc/update-motd.d/10-help-text/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 534500x800000000000000026460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.512{ec2a2542-2927-6254-68b2-f40fe9550000}2686/bin/dashroot 534500x800000000000000026459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.512{ec2a2542-2927-6254-80ae-18a624560000}2689/bin/unameroot 154100x800000000000000026464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.513{ec2a2542-2927-6254-501c-414747560000}2692/bin/grep-----grep -c ^processor /proc/cpuinfo/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68a2-51fd9a550000}2691/bin/dash/bin/shroot 154100x800000000000000026463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.513{ec2a2542-2927-6254-68a2-51fd9a550000}2691/bin/dash-----/bin/sh /etc/update-motd.d/50-landscape-sysinfo/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 534500x800000000000000026462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.513{ec2a2542-2927-6254-6862-a4fce2550000}2690/bin/dashroot 154100x800000000000000026466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.515{ec2a2542-2927-6254-988f-08aa94550000}2695/usr/bin/bc-----bc/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2693--- 534500x800000000000000026465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.515{ec2a2542-2927-6254-501c-414747560000}2692/bin/greproot 534500x800000000000000026470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.517{ec2a2542-2927-6254-988f-08aa94550000}2695/usr/bin/bcroot 534500x800000000000000026469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.517{00000000-0000-0000-0000-000000000000}2694<unknown process>root 534500x800000000000000026468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.517{ec2a2542-2927-6254-b8f0-2bcf6e550000}2696/usr/bin/cutroot 154100x800000000000000026467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.517{ec2a2542-2927-6254-b8f0-2bcf6e550000}2696/usr/bin/cut-----cut -f1 -d /proc/loadavg/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2694--- 154100x800000000000000026472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.518{ec2a2542-2927-6254-08df-361d44560000}2697/bin/date-----/bin/date/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68a2-51fd9a550000}2691/bin/dash/bin/shroot 534500x800000000000000026471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.518{ec2a2542-2900-6254-0000-000000000000}2693-root 154100x800000000000000026474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.519{ec2a2542-2927-6254-a036-7b0000000000}2698/usr/bin/python3.6-----/usr/bin/python3 /usr/bin/landscape-sysinfo/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68a2-51fd9a550000}2691/bin/dash/bin/shroot 534500x800000000000000026473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.519{ec2a2542-2927-6254-08df-361d44560000}2697/bin/dateroot 154100x800000000000000026476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.706{ec2a2542-2927-6254-b851-4fa05b7f0000}2699/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-a036-7b0000000000}2698/usr/bin/python3.6/usr/bin/python3root 154100x800000000000000026475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.706{ec2a2542-2927-6254-6892-5679e1550000}2699/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-a036-7b0000000000}2698/usr/bin/python3.6/usr/bin/python3root 534500x800000000000000026477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.707{ec2a2542-2927-6254-6892-5679e1550000}2699/bin/dashroot 154100x800000000000000026479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.743{ec2a2542-2927-6254-b801-415c417f0000}2700/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-a036-7b0000000000}2698/usr/bin/python3.6/usr/bin/python3root 154100x800000000000000026478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.743{ec2a2542-2927-6254-6822-5b875a550000}2700/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-a036-7b0000000000}2698/usr/bin/python3.6/usr/bin/python3root 534500x800000000000000026480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.745{ec2a2542-2927-6254-6822-5b875a550000}2700/bin/dashroot 534500x800000000000000026481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.846{00000000-0000-0000-0000-000000000000}2701<unknown process>root 154100x800000000000000026482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.881{ec2a2542-2927-6254-f083-8b6c63550000}2702/usr/bin/who-----who -q/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-a036-7b0000000000}2698/usr/bin/python3.6/usr/bin/python3root 534500x800000000000000026483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.886{ec2a2542-2927-6254-f083-8b6c63550000}2702/usr/bin/whoroot 534500x800000000000000026484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.954{ec2a2542-2927-6254-a036-7b0000000000}2698/usr/bin/python3.6root 154100x800000000000000026486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.955{ec2a2542-2927-6254-6872-8e51b6550000}2703/bin/dash-----/bin/sh /etc/update-motd.d/50-motd-news/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 534500x800000000000000026485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.955{ec2a2542-2927-6254-68a2-51fd9a550000}2691/bin/dashroot 154100x800000000000000026492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.956{ec2a2542-2927-6254-e095-9ada8e550000}2706/usr/bin/tr-----tr -d \000-\011\013\014\016-\037/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-6872-8e51b6550000}2703/bin/dash/bin/shroot 154100x800000000000000026491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.956{ec2a2542-2927-6254-b810-5698ea550000}2707/usr/bin/cut-----cut -c -80/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-6872-8e51b6550000}2703/bin/dash/bin/shroot 154100x800000000000000026489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.956{ec2a2542-2927-6254-78d2-c36473550000}2705/usr/bin/head-----head -n 10/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-6872-8e51b6550000}2703/bin/dash/bin/shroot 534500x800000000000000026488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.956{ec2a2542-2927-6254-d0c9-250c1d560000}2704/bin/catroot 154100x800000000000000026487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.956{ec2a2542-2927-6254-d0c9-250c1d560000}2704/bin/cat-----cat /var/cache/motd-news/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-6872-8e51b6550000}2703/bin/dash/bin/shroot 534500x800000000000000026490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.957{ec2a2542-2927-6254-78d2-c36473550000}2705/usr/bin/headroot 534500x800000000000000026493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.958{ec2a2542-2927-6254-e095-9ada8e550000}2706/usr/bin/trroot 154100x800000000000000026496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.959{ec2a2542-2927-6254-6872-c50aa3550000}2708/bin/dash-----/bin/sh /etc/update-motd.d/88-esm-announce/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 534500x800000000000000026495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.959{ec2a2542-2927-6254-6872-8e51b6550000}2703/bin/dashroot 534500x800000000000000026494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.959{ec2a2542-2927-6254-b810-5698ea550000}2707/usr/bin/cutroot 154100x800000000000000026499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.960{ec2a2542-2927-6254-d0c9-52504c560000}2710/bin/cat-----cat /var/lib/update-notifier/updates-available/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-6812-d75b76550000}2709/bin/dash/bin/shroot 154100x800000000000000026498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.960{ec2a2542-2927-6254-6812-d75b76550000}2709/bin/dash-----/bin/sh /etc/update-motd.d/90-updates-available/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 534500x800000000000000026497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.960{ec2a2542-2927-6254-6872-c50aa3550000}2708/bin/dashroot 154100x800000000000000026502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.961{ec2a2542-2927-6254-6882-b27db9550000}2711/bin/dash-----/bin/sh /etc/update-motd.d/91-contract-ua-esm-status/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 534500x800000000000000026501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.961{ec2a2542-2927-6254-6812-d75b76550000}2709/bin/dashroot 534500x800000000000000026500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.961{ec2a2542-2927-6254-d0c9-52504c560000}2710/bin/catroot 154100x800000000000000026510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.966{ec2a2542-2927-6254-6892-d3971f560000}2712/bin/dash-----/bin/sh -e /usr/lib/ubuntu-release-upgrader/release-upgrade-motd/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 154100x800000000000000026504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.966{ec2a2542-2927-6254-68e2-ebcb0e560000}2712/bin/dash-----/bin/sh /etc/update-motd.d/91-release-upgrade/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 534500x800000000000000026503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.966{ec2a2542-2927-6254-6882-b27db9550000}2711/bin/dashroot 154100x800000000000000026506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.968{ec2a2542-2927-6254-b8f0-bb46a7550000}2715/usr/bin/cut-----cut -d -f4/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2713--- 154100x800000000000000026505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.968{ec2a2542-2927-6254-a036-7b0000000000}2714/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -sd/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2713--- 534500x800000000000000026509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.012{ec2a2542-2900-6254-0000-000000000000}2713-root 534500x800000000000000026508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.012{ec2a2542-2927-6254-b8f0-bb46a7550000}2715/usr/bin/cutroot 534500x800000000000000026507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.012{ec2a2542-2927-6254-a036-7b0000000000}2714/usr/bin/python3.6root 154100x800000000000000026511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.013{ec2a2542-2928-6254-083f-209eed550000}2716/bin/date-----date +%s/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68e2-ebcb0e560000}2712/bin/dash/bin/shroot 154100x800000000000000026513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.014{ec2a2542-2928-6254-88e4-8bdc22560000}2717/usr/bin/stat-----stat -c %Y /var/lib/ubuntu-release-upgrader/release-upgrade-available/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68e2-ebcb0e560000}2712/bin/dash/bin/shroot 534500x800000000000000026512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.014{ec2a2542-2928-6254-083f-209eed550000}2716/bin/dateroot 154100x800000000000000026515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.015{ec2a2542-2928-6254-9815-ce090a560000}2718/usr/bin/expr-----expr 1649682689 + 86400/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68e2-ebcb0e560000}2712/bin/dash/bin/shroot 534500x800000000000000026514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.015{ec2a2542-2928-6254-88e4-8bdc22560000}2717/usr/bin/statroot 154100x800000000000000026517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.016{ec2a2542-2928-6254-d079-245129560000}2719/bin/cat-----cat /var/lib/ubuntu-release-upgrader/release-upgrade-available/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68e2-ebcb0e560000}2712/bin/dash/bin/shroot 534500x800000000000000026516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.016{ec2a2542-2928-6254-9815-ce090a560000}2718/usr/bin/exprroot 154100x800000000000000026521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.017{ec2a2542-2928-6254-6862-1812dd550000}2720/bin/dash-----/bin/sh /usr/share/unattended-upgrades/update-motd-unattended-upgrades/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 154100x800000000000000026520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.017{ec2a2542-2928-6254-68b2-5f8356550000}2720/bin/dash-----/bin/sh /etc/update-motd.d/92-unattended-upgrades/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 534500x800000000000000026519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.017{ec2a2542-2927-6254-68e2-ebcb0e560000}2712/bin/dashroot 534500x800000000000000026518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.017{ec2a2542-2928-6254-d079-245129560000}2719/bin/catroot 154100x800000000000000026524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.018{ec2a2542-2928-6254-6872-72060f560000}2721/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 154100x800000000000000026523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.018{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash-----/bin/sh /etc/update-motd.d/95-hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 534500x800000000000000026522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.018{ec2a2542-2928-6254-68b2-5f8356550000}2720/bin/dashroot 154100x800000000000000026525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.019{ec2a2542-2928-6254-7334-6d092d560000}2722/usr/bin/apt-config-----apt-config shell StateDir Dir::State/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot 154100x800000000000000026526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.023{ec2a2542-2928-6254-7071-8c0a21560000}2723/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-7334-6d092d560000}2722/usr/bin/apt-configapt-configroot 534500x800000000000000026528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.027{ec2a2542-2928-6254-7334-6d092d560000}2722/usr/bin/apt-configroot 534500x800000000000000026527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.027{ec2a2542-2928-6254-7071-8c0a21560000}2723/usr/bin/dpkgroot 154100x800000000000000026529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.028{ec2a2542-2928-6254-73c4-e4f978550000}2724/usr/bin/apt-config-----apt-config shell ListDir Dir::State::Lists/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot 154100x800000000000000026530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.032{ec2a2542-2928-6254-70e1-151e44560000}2725/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-73c4-e4f978550000}2724/usr/bin/apt-configapt-configroot 534500x800000000000000026531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.034{ec2a2542-2928-6254-70e1-151e44560000}2725/usr/bin/dpkgroot 154100x800000000000000026533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.035{ec2a2542-2928-6254-7324-ec1e49560000}2726/usr/bin/apt-config-----apt-config shell DpkgStatus Dir::State::status/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot 534500x800000000000000026532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.035{ec2a2542-2928-6254-73c4-e4f978550000}2724/usr/bin/apt-configroot 154100x800000000000000026534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.040{ec2a2542-2928-6254-7081-87ff1a560000}2727/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-7324-ec1e49560000}2726/usr/bin/apt-configapt-configroot 154100x800000000000000026537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.042{ec2a2542-2928-6254-7314-f82861550000}2728/usr/bin/apt-config-----apt-config shell EtcDir Dir::Etc/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot 534500x800000000000000026536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.042{ec2a2542-2928-6254-7324-ec1e49560000}2726/usr/bin/apt-configroot 534500x800000000000000026535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.042{ec2a2542-2928-6254-7081-87ff1a560000}2727/usr/bin/dpkgroot 154100x800000000000000026538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.046{ec2a2542-2928-6254-70c1-878fd4550000}2729/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-7314-f82861550000}2728/usr/bin/apt-configapt-configroot 534500x800000000000000026539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.048{ec2a2542-2928-6254-70c1-878fd4550000}2729/usr/bin/dpkgroot 154100x800000000000000026541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.049{ec2a2542-2928-6254-73a4-6c3841560000}2730/usr/bin/apt-config-----apt-config shell SourceList Dir::Etc::sourcelist/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot 534500x800000000000000026540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.049{ec2a2542-2928-6254-7314-f82861550000}2728/usr/bin/apt-configroot 154100x800000000000000026542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.053{ec2a2542-2928-6254-70c1-cb519f550000}2731/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-73a4-6c3841560000}2730/usr/bin/apt-configapt-configroot 534500x800000000000000026544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.055{ec2a2542-2928-6254-73a4-6c3841560000}2730/usr/bin/apt-configroot 534500x800000000000000026543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.055{ec2a2542-2928-6254-70c1-cb519f550000}2731/usr/bin/dpkgroot 154100x800000000000000026545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.056{ec2a2542-2928-6254-9080-f5d702560000}2732/usr/bin/find-----find /var/lib/apt/lists/ /etc/apt/sources.list //var/lib/dpkg/status -type f -newer /var/lib/update-notifier/hwe-eol -print -quit/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot 154100x800000000000000026549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.057{ec2a2542-2928-6254-a8c0-023758550000}2733/bin/mktemp-----mktemp -p /var/lib/update-notifier/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot 154100x800000000000000026547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.057{ec2a2542-2928-6254-e8a8-997b47560000}2734/usr/bin/dirname-----dirname /var/lib/update-notifier/hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2733--- 534500x800000000000000026546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.057{ec2a2542-2928-6254-9080-f5d702560000}2732/usr/bin/findroot 534500x800000000000000026550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.058{ec2a2542-2928-6254-a8c0-023758550000}2733/bin/mktemproot 534500x800000000000000026548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.058{ec2a2542-2928-6254-e8a8-997b47560000}2734/usr/bin/dirnameroot 154100x800000000000000026553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.059{ec2a2542-2928-6254-70c3-34bfc1550000}2736/bin/rm-----rm -f /var/lib/update-notifier/tmp.fqgHbSelw3/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot 534500x800000000000000026552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.059{ec2a2542-2928-6254-d039-8deb45560000}2735/bin/catroot 154100x800000000000000026551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.059{ec2a2542-2928-6254-d039-8deb45560000}2735/bin/cat-----cat /var/lib/update-notifier/hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot 154100x800000000000000026557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.060{ec2a2542-2928-6254-6832-cd0b06560000}2737/bin/dash-----/bin/sh /etc/update-motd.d/97-overlayroot/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 534500x800000000000000026556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.060{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dashroot 534500x800000000000000026555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.060{ec2a2542-2928-6254-70c3-34bfc1550000}2736/bin/rmroot 23542300x800000000000000026554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.060{ec2a2542-2928-6254-70c3-34bfc1550000}2736root/bin/rm/var/lib/update-notifier/tmp.fqgHbSelw3--- 154100x800000000000000026560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.061{ec2a2542-2928-6254-506c-db3970550000}2739/bin/grep-----grep -E overlayroot|/media/root-ro|/media/root-rw /proc/mounts/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2738--- 154100x800000000000000026559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.061{ec2a2542-2928-6254-18fa-58c71d560000}2740/usr/bin/sort-----sort -r/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2738--- 154100x800000000000000026558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.061{ec2a2542-2928-6254-68f2-b267e0550000}2739/bin/dash-----/bin/sh /bin/egrep overlayroot|/media/root-ro|/media/root-rw /proc/mounts/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2738--- 534500x800000000000000026563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.062{00000000-0000-0000-0000-000000000000}2738<unknown process>root 534500x800000000000000026562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.062{ec2a2542-2928-6254-18fa-58c71d560000}2740/usr/bin/sortroot 534500x800000000000000026561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.062{ec2a2542-2928-6254-68f2-b267e0550000}2739/bin/dashroot 154100x800000000000000026566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.063{ec2a2542-2928-6254-6892-b2e218560000}2741/bin/dash-----/bin/sh /usr/lib/update-notifier/update-motd-fsck-at-reboot/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 534500x800000000000000026565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.063{ec2a2542-2928-6254-6832-cd0b06560000}2737/bin/dashroot 154100x800000000000000026564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.063{ec2a2542-2928-6254-6812-5b393d560000}2741/bin/dash-----/bin/sh /etc/update-motd.d/98-fsck-at-reboot/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 154100x800000000000000026571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.064{ec2a2542-2928-6254-086f-49ae0c560000}2743/bin/date-----date -d now - 6454.59 seconds +%s/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-6812-5b393d560000}2741/bin/dash/bin/shroot 534500x800000000000000026568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.064{ec2a2542-2928-6254-8814-030fb1550000}2742/usr/bin/statroot 154100x800000000000000026567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.064{ec2a2542-2928-6254-8814-030fb1550000}2742/usr/bin/stat-----stat -c %Y /var/lib/update-notifier/fsck-at-reboot/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-6812-5b393d560000}2741/bin/dash/bin/shroot 154100x800000000000000026569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.065{ec2a2542-2928-6254-f07c-539497550000}2744/usr/bin/gawk-----awk {print $1} /proc/uptime/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2743--- 534500x800000000000000026570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.066{ec2a2542-2928-6254-f07c-539497550000}2744/usr/bin/gawkroot 154100x800000000000000026573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.067{ec2a2542-2928-6254-08df-dad52c560000}2745/bin/date-----date +%s/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-6812-5b393d560000}2741/bin/dash/bin/shroot 534500x800000000000000026572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.067{ec2a2542-2928-6254-086f-49ae0c560000}2743/bin/dateroot 534500x800000000000000026576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.069{ec2a2542-2928-6254-d0e9-6f9139560000}2746/bin/catroot 154100x800000000000000026575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.069{ec2a2542-2928-6254-d0e9-6f9139560000}2746/bin/cat-----cat /var/lib/update-notifier/fsck-at-reboot/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-6812-5b393d560000}2741/bin/dash/bin/shroot 534500x800000000000000026574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.069{ec2a2542-2928-6254-08df-dad52c560000}2745/bin/dateroot 154100x800000000000000026579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.070{ec2a2542-2928-6254-6862-e3a669550000}2747/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-reboot-required/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 154100x800000000000000026578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.070{ec2a2542-2928-6254-6872-c0316c550000}2747/bin/dash-----/bin/sh /etc/update-motd.d/98-reboot-required/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot 534500x800000000000000026577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.070{ec2a2542-2928-6254-6812-5b393d560000}2741/bin/dashroot 534500x800000000000000026582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.071{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/envroot 534500x800000000000000026581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.071{ec2a2542-2927-6254-68f2-d1a948560000}2684/bin/dashroot 534500x800000000000000026580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.071{ec2a2542-2928-6254-6872-c0316c550000}2747/bin/dashroot 154100x800000000000000026583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.426{ec2a2542-2928-6254-0834-066f98550000}2749/bin/bash------bash/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{00000000-0000-0000-0000-000000000000}2748--- 154100x800000000000000026584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.433{ec2a2542-2928-6254-881e-2f5034560000}2751/usr/bin/locale-check-----/usr/bin/locale-check C.UTF-8/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{00000000-0000-0000-0000-000000000000}2750--- 534500x800000000000000026586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.435{00000000-0000-0000-0000-000000000000}2750<unknown process>ubuntu 534500x800000000000000026585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.435{ec2a2542-2928-6254-881e-2f5034560000}2751/usr/bin/locale-checkubuntu 154100x800000000000000026587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.438{ec2a2542-2928-6254-3040-64d279550000}2752/usr/bin/locale-----locale/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{ec2a2542-2928-6254-0834-066f98550000}2749/bin/bash-bashubuntu 534500x800000000000000026588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.440{ec2a2542-2928-6254-3040-64d279550000}2752/usr/bin/localeubuntu 534500x800000000000000026589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.442{00000000-0000-0000-0000-000000000000}2753<unknown process>ubuntu 154100x800000000000000026590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.472{ec2a2542-2928-6254-6892-373439560000}2755/bin/dash-----/bin/sh /usr/bin/lesspipe/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{00000000-0000-0000-0000-000000000000}2754--- 154100x800000000000000026591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.474{ec2a2542-2928-6254-e8eb-02d3ea550000}2756/usr/bin/basename-----basename /usr/bin/lesspipe/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{ec2a2542-2928-6254-6892-373439560000}2755/bin/dash/bin/shubuntu 154100x800000000000000026593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.476{ec2a2542-2928-6254-e8c8-48bf52560000}2758/usr/bin/dirname-----dirname /usr/bin/lesspipe/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{00000000-0000-0000-0000-000000000000}2757--- 534500x800000000000000026592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.476{ec2a2542-2928-6254-e8eb-02d3ea550000}2756/usr/bin/basenameubuntu 534500x800000000000000026596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.477{ec2a2542-2928-6254-6892-373439560000}2755/bin/dashubuntu 534500x800000000000000026595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.477{00000000-0000-0000-0000-000000000000}2757<unknown process>ubuntu 534500x800000000000000026594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.477{ec2a2542-2928-6254-e8c8-48bf52560000}2758/usr/bin/dirnameubuntu 534500x800000000000000026597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.478{00000000-0000-0000-0000-000000000000}2754<unknown process>ubuntu 154100x800000000000000026598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.479{ec2a2542-2928-6254-4889-88f823560000}2760/usr/bin/dircolors-----dircolors -b/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{00000000-0000-0000-0000-000000000000}2759--- 534500x800000000000000026600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.481{ec2a2542-2900-6254-0000-000000000000}2759-ubuntu 534500x800000000000000026599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.481{ec2a2542-2928-6254-4889-88f823560000}2760/usr/bin/dircolorsubuntu 354300x800000000000000026601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:12.691{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54704-false10.0.1.12-8000- 154100x800000000000000026602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:16.889{ec2a2542-2930-6254-80f2-ce6b9c550000}2761/bin/nano-----nano installmips.sh/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{ec2a2542-2928-6254-0834-066f98550000}2749/bin/bash-bashubuntu 354300x800000000000000026603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:17.827{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54706-false10.0.1.12-8000- 23542300x800000000000000026604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:22.240{ec2a2542-2930-6254-80f2-ce6b9c550000}2761ubuntu/bin/nano/home/ubuntu/./.installmips.sh.swp--- 354300x800000000000000026605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:23.322{ec2a2542-1080-6254-602c-d54703560000}1780/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-34418-false10.0.1.12-8089- 354300x800000000000000026606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:23.627{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54710-false10.0.1.12-8000- 354300x800000000000000026607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:28.694{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54712-false10.0.1.12-8000- 23542300x800000000000000026608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:31.825{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x800000000000000026609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:33.803{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54714-false10.0.1.12-8000- 154100x800000000000000026610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:36.748{ec2a2542-2944-6254-68c4-3429e0550000}2762/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}938--- 534500x800000000000000026611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:36.759{ec2a2542-2944-6254-68c4-3429e0550000}2762/bin/psroot 354300x800000000000000026612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:38.810{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54716-false10.0.1.12-8000- 354300x800000000000000026613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:44.800{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54718-false10.0.1.12-8000- 354300x800000000000000026614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:49.830{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54720-false10.0.1.12-8000- 354300x800000000000000026615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:55.770{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54722-false10.0.1.12-8000- 354300x800000000000000026616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:01.611{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54724-false10.0.1.12-8000- 23542300x800000000000000026617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:01.815{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x800000000000000026618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:06.680{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54726-false10.0.1.12-8000- 534500x800000000000000026620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:07.122{ec2a2542-2930-6254-80f2-ce6b9c550000}2761/bin/nanoubuntu 23542300x800000000000000026619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:07.122{ec2a2542-2930-6254-80f2-ce6b9c550000}2761ubuntu/bin/nano/home/ubuntu/./.installmips.sh.swp--- 354300x800000000000000026621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:11.760{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54728-false10.0.1.12-8000- 534500x800000000000000026622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:11.815{00000000-0000-0000-0000-000000000000}2763<unknown process>ubuntu 23542300x800000000000000026624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:11.817{ec2a2542-2928-6254-0834-066f98550000}2749ubuntu/bin/bash/tmp/sh-thd.c5aYmu--- 534500x800000000000000026623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:11.817{00000000-0000-0000-0000-000000000000}2764<unknown process>ubuntu 154100x800000000000000026625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:12.309{ec2a2542-2968-6254-e011-ab4b93550000}2765/bin/chmod-----chmod 777 installmips.sh/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{ec2a2542-2928-6254-0834-066f98550000}2749/bin/bash-bashubuntu 534500x800000000000000026626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:12.310{ec2a2542-2968-6254-e011-ab4b93550000}2765/bin/chmodubuntu 154100x800000000000000026627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.314{ec2a2542-296b-6254-087e-8fa8c7550000}2767/usr/bin/sudo-----sudo apt-get install gcc-mips-linux-gnu -y/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{00000000-0000-0000-0000-000000000000}2766--- 354300x800000000000000026629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.325{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-40639-false10.0.0.2-53- 354300x800000000000000026628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.325{ec2a2542-296b-6254-087e-8fa8c7550000}2767/usr/bin/sudoubuntuudptruefalse127.0.0.1-55541-false127.0.0.53-53- 354300x800000000000000026630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.326{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-35291-false10.0.0.2-53- 354300x800000000000000026632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.337{ec2a2542-296b-6254-087e-8fa8c7550000}2767/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-55541- 354300x800000000000000026631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.337{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-55541- 354300x800000000000000026634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.340{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-40899- 354300x800000000000000026633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.340{ec2a2542-296b-6254-087e-8fa8c7550000}2767/usr/bin/sudoubuntuudptruefalse127.0.0.1-40899-false127.0.0.53-53- 534500x800000000000000026636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.344{00000000-0000-0000-0000-000000000000}2768<unknown process>root 23542300x800000000000000026635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.344{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue--- 154100x800000000000000026637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.345{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-get-----apt-get install gcc-mips-linux-gnu -y/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-087e-8fa8c7550000}2767/usr/bin/sudosudoubuntu 154100x800000000000000026638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.350{ec2a2542-296b-6254-7071-ce890f560000}2770/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot 23542300x800000000000000026640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.353{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.Nryxaf--- 534500x800000000000000026639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.353{ec2a2542-296b-6254-7071-ce890f560000}2770/usr/bin/dpkgroot 23542300x800000000000000026641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.363{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.2jg1wq--- 23542300x800000000000000026642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.368{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.rARoUB--- 23542300x800000000000000026643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.370{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.mDO5hN--- 23542300x800000000000000026644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.372{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.tqD5FY--- 23542300x800000000000000026645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.377{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.WXnZ49--- 23542300x800000000000000026646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.379{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.ZH37tl--- 23542300x800000000000000026647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.384{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.QDj8Tw--- 23542300x800000000000000026648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.385{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.zoLpkI--- 23542300x800000000000000026649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.387{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.ceLVKT--- 23542300x800000000000000026650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.388{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.zWOFb5--- 23542300x800000000000000026651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.389{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.UHUCCg--- 23542300x800000000000000026652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.391{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.B6LM3r--- 23542300x800000000000000026653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.392{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.S9ggvD--- 23542300x800000000000000026654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.399{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.9v6RXO--- 23542300x800000000000000026655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.402{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.s05Sq0--- 23542300x800000000000000026656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.403{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.xppaUb--- 154100x800000000000000026657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.406{ec2a2542-296b-6254-7071-61af85550000}2771/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot 534500x800000000000000026658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.408{ec2a2542-296b-6254-7071-61af85550000}2771/usr/bin/dpkgroot 154100x800000000000000026659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.940{ec2a2542-296b-6254-6822-c99d84550000}2772/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot 154100x800000000000000026669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.943{ec2a2542-296b-6254-e414-9f738f550000}2773/snap/snapd/15177/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-6822-c99d84550000}2772/bin/dash/bin/shroot 154100x800000000000000026660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.943{ec2a2542-296b-6254-7068-d217b1550000}2773/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-6822-c99d84550000}2772/bin/dash/bin/shroot 534500x800000000000000026666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.965{ec2a2542-296b-6254-7068-d217b1550000}2773/usr/bin/snaproot 534500x800000000000000026665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.965{ec2a2542-296b-6254-7068-d217b1550000}2773/usr/bin/snaproot 534500x800000000000000026664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.965{ec2a2542-296b-6254-7068-d217b1550000}2773/usr/bin/snaproot 534500x800000000000000026663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.965{ec2a2542-296b-6254-7068-d217b1550000}2773/usr/bin/snaproot 534500x800000000000000026662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.965{ec2a2542-296b-6254-7068-d217b1550000}2773/usr/bin/snaproot 534500x800000000000000026661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.965{ec2a2542-296b-6254-7068-d217b1550000}2773/usr/bin/snaproot 534500x800000000000000026668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.967{ec2a2542-296b-6254-0000-000000000000}2780-root 23542300x800000000000000026667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.967{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x800000000000000026675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.662{ec2a2542-296b-6254-e414-9f738f550000}2773/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000026674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.662{ec2a2542-296b-6254-e414-9f738f550000}2773/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000026673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.662{ec2a2542-296b-6254-e414-9f738f550000}2773/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000026672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.662{ec2a2542-296b-6254-e414-9f738f550000}2773/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000026671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.662{ec2a2542-296b-6254-e414-9f738f550000}2773/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000026670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.662{ec2a2542-296b-6254-7068-d217b1550000}2773/usr/bin/snaproot 534500x800000000000000026676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.665{ec2a2542-296b-6254-e414-9f738f550000}2773/snap/snapd/15177/usr/bin/snaproot 154100x800000000000000026678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.668{ec2a2542-296c-6254-68e2-449013560000}2788/bin/dash-----sh -c [ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke || true/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2787--- 534500x800000000000000026677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.668{ec2a2542-296b-6254-6822-c99d84550000}2772/bin/dashroot 154100x800000000000000026679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.672{ec2a2542-296c-6254-ea8e-022e65550000}2789/usr/lib/ubuntu-advantage/apt-esm-hook-----/usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296c-6254-68e2-449013560000}2788/bin/dashshroot 534500x800000000000000026682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.680{ec2a2542-296b-6254-0000-000000000000}2787-root 534500x800000000000000026681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.680{ec2a2542-296c-6254-68e2-449013560000}2788/bin/dashroot 534500x800000000000000026680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.680{ec2a2542-296c-6254-ea8e-022e65550000}2789/usr/lib/ubuntu-advantage/apt-esm-hookroot 154100x800000000000000026685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.720{ec2a2542-296c-6254-b993-efa628560000}2791/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot 534500x800000000000000026684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.721{ec2a2542-296c-6254-0000-000000000000}2790-root 23542300x800000000000000026683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.721{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x800000000000000026686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.726{ec2a2542-296c-6254-b993-efa628560000}2791/usr/lib/apt/methods/httproot 154100x800000000000000026687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.768{ec2a2542-296c-6254-6812-ebdb7c550000}2792/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot 154100x800000000000000026697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.770{ec2a2542-296c-6254-e414-f4c48f550000}2793/snap/snapd/15177/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296c-6254-6812-ebdb7c550000}2792/bin/dash/bin/shroot 154100x800000000000000026688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.770{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296c-6254-6812-ebdb7c550000}2792/bin/dash/bin/shroot 354300x800000000000000026689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.783{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54730-false10.0.1.12-8000- 534500x800000000000000026696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.789{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snaproot 534500x800000000000000026695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.789{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snaproot 534500x800000000000000026694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.789{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snaproot 534500x800000000000000026693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.789{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snaproot 534500x800000000000000026692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.789{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snaproot 534500x800000000000000026691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.789{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snaproot 534500x800000000000000026690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.789{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snaproot 534500x800000000000000026704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.811{ec2a2542-296c-6254-e414-f4c48f550000}2793/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000026703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.811{ec2a2542-296c-6254-e414-f4c48f550000}2793/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000026702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.811{ec2a2542-296c-6254-e414-f4c48f550000}2793/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000026701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.811{ec2a2542-296c-6254-e414-f4c48f550000}2793/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000026700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.811{ec2a2542-296c-6254-e414-f4c48f550000}2793/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000026699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.811{ec2a2542-296c-6254-e414-f4c48f550000}2793/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000026698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.811{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snaproot 534500x800000000000000026706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.813{ec2a2542-296c-6254-6812-ebdb7c550000}2792/bin/dashroot 534500x800000000000000026705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.813{ec2a2542-296c-6254-e414-f4c48f550000}2793/snap/snapd/15177/usr/bin/snaproot 154100x800000000000000026707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.820{ec2a2542-296c-6254-68c2-d56785550000}2808/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot 154100x800000000000000026716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.821{ec2a2542-296c-6254-e4e4-63f6fd550000}2809/snap/snapd/15177/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296c-6254-68c2-d56785550000}2808/bin/dash/bin/shroot 154100x800000000000000026708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.821{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296c-6254-68c2-d56785550000}2808/bin/dash/bin/shroot 534500x800000000000000026715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.838{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snaproot 534500x800000000000000026714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.838{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snaproot 534500x800000000000000026713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.838{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snaproot 534500x800000000000000026712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.838{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snaproot 534500x800000000000000026711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.838{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snaproot 534500x800000000000000026710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.838{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snaproot 534500x800000000000000026709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.838{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snaproot 534500x800000000000000026722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.867{ec2a2542-296c-6254-e4e4-63f6fd550000}2809/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000026721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.867{ec2a2542-296c-6254-e4e4-63f6fd550000}2809/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000026720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.867{ec2a2542-296c-6254-e4e4-63f6fd550000}2809/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000026719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.867{ec2a2542-296c-6254-e4e4-63f6fd550000}2809/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000026718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.867{ec2a2542-296c-6254-e4e4-63f6fd550000}2809/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000026717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.867{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snaproot 534500x800000000000000026723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.868{ec2a2542-296c-6254-e4e4-63f6fd550000}2809/snap/snapd/15177/usr/bin/snaproot 23542300x800000000000000026733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.U0Qmar--- 23542300x800000000000000026732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.f4kZGb--- 23542300x800000000000000026731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.2UbCdW--- 23542300x800000000000000026730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.5RmfKG--- 23542300x800000000000000026729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.CGYSgr--- 23542300x800000000000000026728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.J9VwNb--- 23542300x800000000000000026727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.S0bbkW--- 23542300x800000000000000026726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.nrLPQG--- 23542300x800000000000000026725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.aOFunr--- 534500x800000000000000026724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296c-6254-68c2-d56785550000}2808/bin/dashroot 23542300x800000000000000026743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.ShHuUV--- 23542300x800000000000000026742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.n7B3qG--- 23542300x800000000000000026741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.uvTCXq--- 23542300x800000000000000026740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.Voxcub--- 23542300x800000000000000026739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.iFrM0V--- 23542300x800000000000000026738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.9XEmxG--- 23542300x800000000000000026737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.ssaX3q--- 23542300x800000000000000026736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.zXXxAb--- 23542300x800000000000000026735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.sF786V--- 23542300x800000000000000026734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.HSFKDG--- 154100x800000000000000026744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.873{ec2a2542-296c-6254-b903-9a20ce550000}2823/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot 354300x800000000000000026746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.888{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-45880-false10.0.0.2-53- 354300x800000000000000026745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.888{ec2a2542-296c-6254-b903-9a20ce550000}2823/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-45144-false127.0.0.53-53- 354300x800000000000000026747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.889{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-45144- 354300x800000000000000026750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.890{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-50248-false10.0.0.2-53- 354300x800000000000000026749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.890{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-44728-false10.0.0.2-53- 354300x800000000000000026748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.890{ec2a2542-296c-6254-b903-9a20ce550000}2823/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-42486-false127.0.0.53-53- 354300x800000000000000026751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.891{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-42486- 354300x800000000000000026752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.892{ec2a2542-296c-6254-b903-9a20ce550000}2823/usr/lib/apt/methods/httproottcptruefalse10.0.1.20-41416-false52.15.155.232-80- 534500x800000000000000026753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.486{ec2a2542-296c-6254-b903-9a20ce550000}2823/usr/lib/apt/methods/http_apt 23542300x800000000000000026754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.487{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/log/apt/eipp.log.xz--- 154100x800000000000000026755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.592{ec2a2542-296d-6254-6892-ad2059550000}2824/bin/dash-----/bin/sh -c /usr/sbin/dpkg-preconfigure --apt || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot 154100x800000000000000026756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.594{ec2a2542-296d-6254-9807-8a42d8550000}2825/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/dpkg-preconfigure --apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-6892-ad2059550000}2824/bin/dash/bin/shroot 154100x800000000000000026757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.691{ec2a2542-296d-6254-30b0-40bcef550000}2826/usr/bin/locale-----locale charmap/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-9807-8a42d8550000}2825/usr/bin/perl/usr/bin/perlroot 534500x800000000000000026758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.693{ec2a2542-296d-6254-30b0-40bcef550000}2826/usr/bin/localeroot 154100x800000000000000026759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.850{ec2a2542-296d-6254-6892-3b4764550000}2827/bin/dash-----sh -c stty -a 2>/dev/null/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-9807-8a42d8550000}2825/usr/bin/perl/usr/bin/perlroot 154100x800000000000000026760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.852{ec2a2542-296d-6254-f0ae-b1eb01560000}2828/bin/stty-----stty -a/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-6892-3b4764550000}2827/bin/dashshroot 154100x800000000000000026763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.855{ec2a2542-296d-6254-6842-7814ba550000}2829/bin/dash-----sh -c stty -a 2>/dev/null/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-9807-8a42d8550000}2825/usr/bin/perl/usr/bin/perlroot 534500x800000000000000026762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.855{ec2a2542-296d-6254-6892-3b4764550000}2827/bin/dashroot 534500x800000000000000026761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.855{ec2a2542-296d-6254-f0ae-b1eb01560000}2828/bin/sttyroot 154100x800000000000000026764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.856{ec2a2542-296d-6254-f00e-448cbe550000}2830/bin/stty-----stty -a/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-6842-7814ba550000}2829/bin/dashshroot 534500x800000000000000026766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.857{ec2a2542-296d-6254-6842-7814ba550000}2829/bin/dashroot 534500x800000000000000026765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.857{ec2a2542-296d-6254-f00e-448cbe550000}2830/bin/sttyroot 154100x800000000000000026767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.861{ec2a2542-296d-6254-3371-438137560000}2832/usr/bin/apt-extracttemplates-----apt-extracttemplates /var/cache/apt/archives/binutils-common_2.30-21ubuntu1~18.04.7_amd64.deb /var/cache/apt/archives/gcc-7-mips-linux-gnu-base_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/cache/apt/archives/libisl19_0.19-1_amd64.deb /var/cache/apt/archives/libmpc3_1.1.0-1_amd64.deb /var/cache/apt/archives/cpp-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/cache/apt/archives/cpp-mips-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb /var/cache/apt/archives/gcc-8-cross-base-ports_8.4.0-1ubuntu1~18.04cross1_all.deb /var/cache/apt/archives/libcc1-0_8.4.0-1ubuntu1~18.04_amd64.deb /var/cache/apt/archives/binutils-mips-linux-gnu_2.30-21ubuntu1~18.04.7_amd64.deb /var/cache/apt/archives/gcc-7-cross-base-ports_7.5.0-3ubuntu1~18.04cross1_all.deb /var/cache/apt/archives/libc6-mips-cross_2.27-3ubuntu1cross1.2_all.deb /var/cache/apt/archives/libgcc1-mips-cross_1%3a8.4.0-1ubuntu1~18.04cross1_all.deb /var/cache/apt/archives/libgomp1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb /var/cache/apt/archives/libatomic1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb /var/cache/apt/archives/libgcc-7-dev-mips-cross_7.5.0-3ubuntu1~18.04cross1_all.deb /var/cache/apt/archives/gcc-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/cache/apt/archives/gcc-mips-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb /var/cache/apt/archives/linux-libc-dev-mips-cross_4.15.0-35.38cross1.2_all.deb /var/cache/apt/archives/libc6-dev-mips-cross_2.27-3ubuntu1cross1.2_all.deb/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2831--- 154100x800000000000000026768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.869{ec2a2542-296d-6254-70a1-ffe5ac550000}2833/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-3371-438137560000}2832/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 23542300x800000000000000026770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.871{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.NM7v9K--- 534500x800000000000000026769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.871{ec2a2542-296d-6254-70a1-ffe5ac550000}2833/usr/bin/dpkgroot 23542300x800000000000000026771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.876{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.RAIfn3--- 23542300x800000000000000026772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.881{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.N1ZIBl--- 23542300x800000000000000026773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.883{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.RBDxQD--- 23542300x800000000000000026774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.884{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.vHXC5V--- 23542300x800000000000000026775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.889{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.jIFrle--- 23542300x800000000000000026776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.890{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.huLwBw--- 23542300x800000000000000026777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.895{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.PdxlSO--- 23542300x800000000000000026778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.896{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.fGsq96--- 23542300x800000000000000026779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.898{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.JDkKqp--- 23542300x800000000000000026780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.899{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.7y3hIH--- 23542300x800000000000000026781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.900{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.F163ZZ--- 23542300x800000000000000026782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.902{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.NEh6hi--- 23542300x800000000000000026783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.904{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.9CfsAA--- 23542300x800000000000000026784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.906{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.lDPdTS--- 23542300x800000000000000026785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.908{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.jBkfcb--- 23542300x800000000000000026786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.909{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.LIyzvt--- 154100x800000000000000026787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.910{ec2a2542-296d-6254-7041-435ddf550000}2834/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-3371-438137560000}2832/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 534500x800000000000000026788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.912{ec2a2542-296d-6254-7041-435ddf550000}2834/usr/bin/dpkgroot 154100x800000000000000026789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.944{ec2a2542-296d-6254-70c1-2edd24560000}2835/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-3371-438137560000}2832/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 534500x800000000000000026790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.946{ec2a2542-296d-6254-70c1-2edd24560000}2835/usr/bin/dpkgroot 534500x800000000000000026791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.988{ec2a2542-296d-6254-3371-438137560000}2832/usr/bin/apt-extracttemplatesroot 534500x800000000000000026792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.996{ec2a2542-296d-6254-0000-000000000000}2831-root 534500x800000000000000026794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.002{ec2a2542-296d-6254-6892-ad2059550000}2824/bin/dashroot 534500x800000000000000026793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.002{ec2a2542-296d-6254-9807-8a42d8550000}2825/usr/bin/perlroot 154100x800000000000000026795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.026{ec2a2542-296e-6254-7051-8b9624560000}2836/usr/bin/dpkg-----/usr/bin/dpkg --assert-multi-arch/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot 534500x800000000000000026796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.036{ec2a2542-296e-6254-7051-8b9624560000}2836/usr/bin/dpkgroot 154100x800000000000000026797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.038{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg-----/usr/bin/dpkg --status-fd 43 --no-triggers --unpack --auto-deconfigure --recursive /tmp/apt-dpkg-install-qCjo8w/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot 154100x800000000000000026798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.055{ec2a2542-296e-6254-d86f-ed2cb0550000}2838/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/00-binutils-common_2.30-21ubuntu1~18.04.7_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.058{ec2a2542-296e-6254-d86f-ed2cb0550000}2838/usr/bin/dpkg-splitroot 154100x800000000000000026800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.059{ec2a2542-296e-6254-404a-6f3dcb550000}2839/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/00-binutils-common_2.30-21ubuntu1~18.04.7_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000026803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.062{ec2a2542-296e-6254-b0d3-bc62f3550000}2842/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-404a-6f3dcb550000}2839/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000026801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.062{ec2a2542-296e-6254-0000-000000000000}2840-root 534500x800000000000000026802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.063{ec2a2542-296e-6254-0000-000000000000}2841-root 534500x800000000000000026804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.067{ec2a2542-296e-6254-b0d3-bc62f3550000}2842/bin/tarroot 534500x800000000000000026805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.068{ec2a2542-296e-6254-404a-6f3dcb550000}2839/usr/bin/dpkg-debroot 154100x800000000000000026806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.406{ec2a2542-296e-6254-40aa-dc55a4550000}2843/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/00-binutils-common_2.30-21ubuntu1~18.04.7_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.424{ec2a2542-296e-6254-0000-000000000000}2844-root 534500x800000000000000026808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.431{ec2a2542-296e-6254-0000-000000000000}2845-root 534500x800000000000000026809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.432{ec2a2542-296e-6254-40aa-dc55a4550000}2843/usr/bin/dpkg-debroot 154100x800000000000000026810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.481{ec2a2542-296e-6254-7033-2fb838560000}2846/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.482{ec2a2542-296e-6254-7033-2fb838560000}2846/bin/rmroot 23542300x800000000000000026811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.482{ec2a2542-296e-6254-7033-2fb838560000}2846root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000026813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.483{ec2a2542-296e-6254-d8cf-ffe62e560000}2847/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/01-gcc-7-mips-linux-gnu-base_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000026815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.484{ec2a2542-296e-6254-405a-639fa0550000}2848/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/01-gcc-7-mips-linux-gnu-base_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.484{ec2a2542-296e-6254-d8cf-ffe62e560000}2847/usr/bin/dpkg-splitroot 154100x800000000000000026817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.486{ec2a2542-296e-6254-b023-a7d6ac550000}2851/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-405a-639fa0550000}2848/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000026816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.486{ec2a2542-296e-6254-0000-000000000000}2849-root 534500x800000000000000026818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.487{ec2a2542-296e-6254-0000-000000000000}2850-root 534500x800000000000000026819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.489{ec2a2542-296e-6254-b023-a7d6ac550000}2851/bin/tarroot 534500x800000000000000026820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.490{ec2a2542-296e-6254-405a-639fa0550000}2848/usr/bin/dpkg-debroot 154100x800000000000000026821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.507{ec2a2542-296e-6254-40ea-b89275550000}2852/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/01-gcc-7-mips-linux-gnu-base_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.509{ec2a2542-296e-6254-0000-000000000000}2853-root 534500x800000000000000026823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.512{ec2a2542-296e-6254-0000-000000000000}2854-root 534500x800000000000000026824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.513{ec2a2542-296e-6254-40ea-b89275550000}2852/usr/bin/dpkg-debroot 154100x800000000000000026825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.529{ec2a2542-296e-6254-7073-52a421560000}2855/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000026826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.530{ec2a2542-296e-6254-7073-52a421560000}2855root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000026828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.531{ec2a2542-296e-6254-d82f-057a08560000}2856/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/02-libisl19_0.19-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.531{ec2a2542-296e-6254-7073-52a421560000}2855/bin/rmroot 534500x800000000000000026829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.532{ec2a2542-296e-6254-d82f-057a08560000}2856/usr/bin/dpkg-splitroot 154100x800000000000000026830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.533{ec2a2542-296e-6254-40aa-638b97550000}2857/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/02-libisl19_0.19-1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000026832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.534{ec2a2542-296e-6254-b083-f58053560000}2860/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-40aa-638b97550000}2857/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000026831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.534{ec2a2542-296e-6254-0000-000000000000}2858-root 534500x800000000000000026833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.538{ec2a2542-296e-6254-0000-000000000000}2859-root 534500x800000000000000026835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.539{ec2a2542-296e-6254-40aa-638b97550000}2857/usr/bin/dpkg-debroot 534500x800000000000000026834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.539{ec2a2542-296e-6254-b083-f58053560000}2860/bin/tarroot 154100x800000000000000026836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.568{ec2a2542-296e-6254-406a-1cda94550000}2861/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/02-libisl19_0.19-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.619{ec2a2542-296e-6254-0000-000000000000}2862-root 534500x800000000000000026839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.629{ec2a2542-296e-6254-406a-1cda94550000}2861/usr/bin/dpkg-debroot 534500x800000000000000026838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.629{00000000-0000-0000-0000-000000000000}2863<unknown process>root 154100x800000000000000026840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.668{ec2a2542-296e-6254-70b3-253d2b560000}2864/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.669{ec2a2542-296e-6254-70b3-253d2b560000}2864/bin/rmroot 23542300x800000000000000026841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.669{ec2a2542-296e-6254-70b3-253d2b560000}2864root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000026843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.670{ec2a2542-296e-6254-d89f-8a74b4550000}2865/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/03-libmpc3_1.1.0-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.671{ec2a2542-296e-6254-d89f-8a74b4550000}2865/usr/bin/dpkg-splitroot 154100x800000000000000026845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.672{ec2a2542-296e-6254-40da-5dc575550000}2866/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/03-libmpc3_1.1.0-1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000026847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.674{ec2a2542-296e-6254-b093-982e39560000}2869/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-40da-5dc575550000}2866/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000026846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.674{ec2a2542-296e-6254-0000-000000000000}2867-root 534500x800000000000000026848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.676{ec2a2542-296e-6254-0000-000000000000}2868-root 534500x800000000000000026850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.677{ec2a2542-296e-6254-40da-5dc575550000}2866/usr/bin/dpkg-debroot 534500x800000000000000026849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.677{ec2a2542-296e-6254-b093-982e39560000}2869/bin/tarroot 154100x800000000000000026851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.702{ec2a2542-296e-6254-401a-4ef791550000}2870/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/03-libmpc3_1.1.0-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.705{ec2a2542-296e-6254-0000-000000000000}2871-root 534500x800000000000000026854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.710{ec2a2542-296e-6254-401a-4ef791550000}2870/usr/bin/dpkg-debroot 534500x800000000000000026853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.710{00000000-0000-0000-0000-000000000000}2872<unknown process>root 154100x800000000000000026855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.729{ec2a2542-296e-6254-70b3-9d6f73550000}2873/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000026858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.731{ec2a2542-296e-6254-d89f-b1522a560000}2874/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/04-cpp-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.731{ec2a2542-296e-6254-70b3-9d6f73550000}2873/bin/rmroot 23542300x800000000000000026856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.731{ec2a2542-296e-6254-70b3-9d6f73550000}2873root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000026859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.732{ec2a2542-296e-6254-d89f-b1522a560000}2874/usr/bin/dpkg-splitroot 154100x800000000000000026860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.733{ec2a2542-296e-6254-40ea-2e2c4d560000}2875/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/04-cpp-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000026861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.734{ec2a2542-296e-6254-b073-821964550000}2878/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-40ea-2e2c4d560000}2875/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000026862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.735{ec2a2542-296e-6254-0000-000000000000}2876-root 534500x800000000000000026863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.736{ec2a2542-296e-6254-0000-000000000000}2877-root 534500x800000000000000026864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.737{ec2a2542-296e-6254-b073-821964550000}2878/bin/tarroot 534500x800000000000000026865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.738{ec2a2542-296e-6254-40ea-2e2c4d560000}2875/usr/bin/dpkg-debroot 154100x800000000000000026866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.753{ec2a2542-296e-6254-6802-1eea4f560000}2879/bin/dash-----/bin/sh /var/lib/dpkg/tmp.ci/preinst install/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.754{ec2a2542-296e-6254-6802-1eea4f560000}2879/bin/dashroot 154100x800000000000000026868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.755{ec2a2542-296e-6254-409a-87c938560000}2880/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/04-cpp-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.317{ec2a2542-296e-6254-0000-000000000000}2881-root 534500x800000000000000026871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.326{ec2a2542-296e-6254-409a-87c938560000}2880/usr/bin/dpkg-debroot 534500x800000000000000026870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.326{00000000-0000-0000-0000-000000000000}2882<unknown process>root 154100x800000000000000026872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.410{ec2a2542-296f-6254-70c3-49017b550000}2883/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000026873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.411{ec2a2542-296f-6254-70c3-49017b550000}2883root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000026875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.412{ec2a2542-296f-6254-d86f-17024a560000}2884/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/05-cpp-mips-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.412{ec2a2542-296f-6254-70c3-49017b550000}2883/bin/rmroot 534500x800000000000000026876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.413{ec2a2542-296f-6254-d86f-17024a560000}2884/usr/bin/dpkg-splitroot 154100x800000000000000026877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.414{ec2a2542-296f-6254-40ca-41ec31560000}2885/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/05-cpp-mips-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000026879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.415{ec2a2542-296f-6254-b093-b0e8ce550000}2888/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296f-6254-40ca-41ec31560000}2885/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000026878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.415{ec2a2542-296f-6254-0000-000000000000}2886-root 534500x800000000000000026880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.416{ec2a2542-296f-6254-0000-000000000000}2887-root 534500x800000000000000026882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.418{ec2a2542-296f-6254-40ca-41ec31560000}2885/usr/bin/dpkg-debroot 534500x800000000000000026881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.418{ec2a2542-296f-6254-b093-b0e8ce550000}2888/bin/tarroot 154100x800000000000000026883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.433{ec2a2542-296f-6254-40ca-5a4a7e550000}2889/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/05-cpp-mips-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.435{ec2a2542-296f-6254-0000-000000000000}2890-root 534500x800000000000000026886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.436{ec2a2542-296f-6254-40ca-5a4a7e550000}2889/usr/bin/dpkg-debroot 534500x800000000000000026885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.436{00000000-0000-0000-0000-000000000000}2891<unknown process>root 154100x800000000000000026887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.455{ec2a2542-296f-6254-7033-c52ce9550000}2892/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000026890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.457{ec2a2542-296f-6254-d8df-79ad11560000}2893/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/06-gcc-8-cross-base-ports_8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.457{ec2a2542-296f-6254-7033-c52ce9550000}2892/bin/rmroot 23542300x800000000000000026888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.457{ec2a2542-296f-6254-7033-c52ce9550000}2892root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000026892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.458{ec2a2542-296f-6254-40ea-a70648560000}2894/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/06-gcc-8-cross-base-ports_8.4.0-1ubuntu1~18.04cross1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.458{ec2a2542-296f-6254-d8df-79ad11560000}2893/usr/bin/dpkg-splitroot 154100x800000000000000026894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.461{ec2a2542-296f-6254-b0d3-26ffe2550000}2897/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296f-6254-40ea-a70648560000}2894/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000026893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.461{ec2a2542-296f-6254-0000-000000000000}2895-root 534500x800000000000000026895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.462{ec2a2542-296f-6254-0000-000000000000}2896-root 534500x800000000000000026897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.463{ec2a2542-296f-6254-40ea-a70648560000}2894/usr/bin/dpkg-debroot 534500x800000000000000026896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.463{ec2a2542-296f-6254-b0d3-26ffe2550000}2897/bin/tarroot 154100x800000000000000026898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.481{ec2a2542-296f-6254-402a-6a0fe7550000}2898/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/06-gcc-8-cross-base-ports_8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.483{ec2a2542-296f-6254-0000-000000000000}2899-root 534500x800000000000000026900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.485{00000000-0000-0000-0000-000000000000}2900<unknown process>root 534500x800000000000000026901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.486{ec2a2542-296f-6254-402a-6a0fe7550000}2898/usr/bin/dpkg-debroot 154100x800000000000000026902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.503{ec2a2542-296f-6254-7073-d41670550000}2901/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000026905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.505{ec2a2542-296f-6254-d83f-144f3d560000}2902/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/07-libcc1-0_8.4.0-1ubuntu1~18.04_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.505{ec2a2542-296f-6254-7073-d41670550000}2901/bin/rmroot 23542300x800000000000000026903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.505{ec2a2542-296f-6254-7073-d41670550000}2901root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000026907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.506{ec2a2542-296f-6254-40ea-404c48560000}2903/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/07-libcc1-0_8.4.0-1ubuntu1~18.04_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.506{ec2a2542-296f-6254-d83f-144f3d560000}2902/usr/bin/dpkg-splitroot 154100x800000000000000026908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.508{ec2a2542-296f-6254-b0d3-9d7468550000}2906/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296f-6254-40ea-404c48560000}2903/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000026910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.509{ec2a2542-296f-6254-0000-000000000000}2905-root 534500x800000000000000026909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.509{ec2a2542-296f-6254-0000-000000000000}2904-root 534500x800000000000000026911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.510{ec2a2542-296f-6254-b0d3-9d7468550000}2906/bin/tarroot 534500x800000000000000026912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.511{ec2a2542-296f-6254-40ea-404c48560000}2903/usr/bin/dpkg-debroot 154100x800000000000000026913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.533{ec2a2542-296f-6254-403a-ffd9eb550000}2907/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/07-libcc1-0_8.4.0-1ubuntu1~18.04_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.535{ec2a2542-296f-6254-0000-000000000000}2908-root 534500x800000000000000026916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.541{ec2a2542-296f-6254-403a-ffd9eb550000}2907/usr/bin/dpkg-debroot 534500x800000000000000026915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.541{00000000-0000-0000-0000-000000000000}2909<unknown process>root 154100x800000000000000026917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.561{ec2a2542-296f-6254-7053-e2b946560000}2910/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.562{ec2a2542-296f-6254-7053-e2b946560000}2910/bin/rmroot 23542300x800000000000000026918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.562{ec2a2542-296f-6254-7053-e2b946560000}2910root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000026920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.563{ec2a2542-296f-6254-d8cf-244cf6550000}2911/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/08-binutils-mips-linux-gnu_2.30-21ubuntu1~18.04.7_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000026922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.564{ec2a2542-296f-6254-407a-323f25560000}2912/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/08-binutils-mips-linux-gnu_2.30-21ubuntu1~18.04.7_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.564{ec2a2542-296f-6254-d8cf-244cf6550000}2911/usr/bin/dpkg-splitroot 154100x800000000000000026924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.566{ec2a2542-296f-6254-b023-0d527e550000}2915/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296f-6254-407a-323f25560000}2912/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000026923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.566{ec2a2542-296f-6254-0000-000000000000}2913-root 534500x800000000000000026925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.568{ec2a2542-296f-6254-0000-000000000000}2914-root 534500x800000000000000026927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.572{ec2a2542-296f-6254-407a-323f25560000}2912/usr/bin/dpkg-debroot 534500x800000000000000026926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.572{ec2a2542-296f-6254-b023-0d527e550000}2915/bin/tarroot 154100x800000000000000026928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.591{ec2a2542-296f-6254-404a-8f9c50560000}2916/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/08-binutils-mips-linux-gnu_2.30-21ubuntu1~18.04.7_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.940{ec2a2542-296f-6254-0000-000000000000}2917-root 534500x800000000000000026930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.947{00000000-0000-0000-0000-000000000000}2918<unknown process>root 534500x800000000000000026931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.948{ec2a2542-296f-6254-404a-8f9c50560000}2916/usr/bin/dpkg-debroot 154100x800000000000000026932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.984{ec2a2542-296f-6254-7013-e09370550000}2919/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000026933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.985{ec2a2542-296f-6254-7013-e09370550000}2919root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000026935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.986{ec2a2542-296f-6254-d8bf-49c8db550000}2920/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/09-gcc-7-cross-base-ports_7.5.0-3ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.986{ec2a2542-296f-6254-7013-e09370550000}2919/bin/rmroot 154100x800000000000000026937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.987{ec2a2542-296f-6254-40da-f1a485550000}2921/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/09-gcc-7-cross-base-ports_7.5.0-3ubuntu1~18.04cross1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.987{ec2a2542-296f-6254-d8bf-49c8db550000}2920/usr/bin/dpkg-splitroot 154100x800000000000000026940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.989{ec2a2542-296f-6254-b053-2aee61550000}2924/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296f-6254-40da-f1a485550000}2921/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000026938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.989{ec2a2542-296f-6254-0000-000000000000}2922-root 534500x800000000000000026939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.990{ec2a2542-296f-6254-0000-000000000000}2923-root 534500x800000000000000026942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.994{ec2a2542-296f-6254-40da-f1a485550000}2921/usr/bin/dpkg-debroot 534500x800000000000000026941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.994{ec2a2542-296f-6254-b053-2aee61550000}2924/bin/tarroot 154100x800000000000000026943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.011{ec2a2542-2970-6254-40aa-c86811560000}2925/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/09-gcc-7-cross-base-ports_7.5.0-3ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.013{ec2a2542-2970-6254-0000-000000000000}2926-root 534500x800000000000000026945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.015{ec2a2542-2970-6254-0000-000000000000}2927-root 534500x800000000000000026946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.016{ec2a2542-2970-6254-40aa-c86811560000}2925/usr/bin/dpkg-debroot 154100x800000000000000026947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.038{ec2a2542-2970-6254-7043-5f49d2550000}2928/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.039{ec2a2542-2970-6254-7043-5f49d2550000}2928/bin/rmroot 23542300x800000000000000026948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.039{ec2a2542-2970-6254-7043-5f49d2550000}2928root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000026950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.041{ec2a2542-2970-6254-d8ef-1ad559550000}2929/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/10-libc6-mips-cross_2.27-3ubuntu1cross1.2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.042{ec2a2542-2970-6254-d8ef-1ad559550000}2929/usr/bin/dpkg-splitroot 154100x800000000000000026952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.043{ec2a2542-2970-6254-404a-a36c2f560000}2930/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/10-libc6-mips-cross_2.27-3ubuntu1cross1.2_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000026954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.044{ec2a2542-2970-6254-b0d3-850fba550000}2933/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2970-6254-404a-a36c2f560000}2930/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000026953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.044{ec2a2542-2970-6254-0000-000000000000}2931-root 534500x800000000000000026955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.046{ec2a2542-2970-6254-0000-000000000000}2932-root 534500x800000000000000026957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.047{ec2a2542-2970-6254-404a-a36c2f560000}2930/usr/bin/dpkg-debroot 534500x800000000000000026956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.047{ec2a2542-2970-6254-b0d3-850fba550000}2933/bin/tarroot 154100x800000000000000026958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.068{ec2a2542-2970-6254-407a-468640560000}2934/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/10-libc6-mips-cross_2.27-3ubuntu1cross1.2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.179{ec2a2542-2970-6254-0000-000000000000}2935-root 534500x800000000000000026960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.191{ec2a2542-2970-6254-0000-000000000000}2936-root 534500x800000000000000026961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.192{ec2a2542-2970-6254-407a-468640560000}2934/usr/bin/dpkg-debroot 154100x800000000000000026962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.221{ec2a2542-2970-6254-7003-832859550000}2937/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.222{ec2a2542-2970-6254-7003-832859550000}2937/bin/rmroot 23542300x800000000000000026963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.222{ec2a2542-2970-6254-7003-832859550000}2937root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000026965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.223{ec2a2542-2970-6254-d86f-eb04bc550000}2938/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/11-libgcc1-mips-cross_1%3a8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000026967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.224{ec2a2542-2970-6254-407a-4091e0550000}2939/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/11-libgcc1-mips-cross_1%3a8.4.0-1ubuntu1~18.04cross1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.224{ec2a2542-2970-6254-d86f-eb04bc550000}2938/usr/bin/dpkg-splitroot 154100x800000000000000026969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.226{ec2a2542-2970-6254-b0d3-fa365d550000}2942/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2970-6254-407a-4091e0550000}2939/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000026968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.226{ec2a2542-2970-6254-0000-000000000000}2940-root 534500x800000000000000026970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.228{ec2a2542-2970-6254-0000-000000000000}2941-root 534500x800000000000000026972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.229{ec2a2542-2970-6254-407a-4091e0550000}2939/usr/bin/dpkg-debroot 534500x800000000000000026971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.229{ec2a2542-2970-6254-b0d3-fa365d550000}2942/bin/tarroot 154100x800000000000000026973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.249{ec2a2542-2970-6254-404a-c8505c550000}2943/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/11-libgcc1-mips-cross_1%3a8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.250{ec2a2542-2970-6254-0000-000000000000}2944-root 534500x800000000000000026975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.255{00000000-0000-0000-0000-000000000000}2945<unknown process>root 534500x800000000000000026976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.256{ec2a2542-2970-6254-404a-c8505c550000}2943/usr/bin/dpkg-debroot 154100x800000000000000026977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.274{ec2a2542-2970-6254-70d3-e2db68550000}2946/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000026980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.275{ec2a2542-2970-6254-d87f-301216560000}2947/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/12-libgomp1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.275{ec2a2542-2970-6254-70d3-e2db68550000}2946/bin/rmroot 23542300x800000000000000026978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.275{ec2a2542-2970-6254-70d3-e2db68550000}2946root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000026982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.277{ec2a2542-2970-6254-401a-693aa7550000}2948/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/12-libgomp1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.277{ec2a2542-2970-6254-d87f-301216560000}2947/usr/bin/dpkg-splitroot 154100x800000000000000026984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.279{ec2a2542-2970-6254-b0c3-9577dc550000}2951/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2970-6254-401a-693aa7550000}2948/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000026983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.279{ec2a2542-2970-6254-0000-000000000000}2949-root 534500x800000000000000026985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.280{ec2a2542-2970-6254-0000-000000000000}2950-root 534500x800000000000000026987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.281{ec2a2542-2970-6254-401a-693aa7550000}2948/usr/bin/dpkg-debroot 534500x800000000000000026986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.281{ec2a2542-2970-6254-b0c3-9577dc550000}2951/bin/tarroot 154100x800000000000000026988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.299{ec2a2542-2970-6254-40fa-f3109e550000}2952/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/12-libgomp1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.304{ec2a2542-2970-6254-0000-000000000000}2953-root 534500x800000000000000026990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.315{ec2a2542-2970-6254-0000-000000000000}2954-root 534500x800000000000000026991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.316{ec2a2542-2970-6254-40fa-f3109e550000}2952/usr/bin/dpkg-debroot 154100x800000000000000026992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.332{ec2a2542-2970-6254-7033-5cb100560000}2955/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000026995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.333{ec2a2542-2970-6254-d89f-3732db550000}2956/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/13-libatomic1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000026994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.333{ec2a2542-2970-6254-7033-5cb100560000}2955/bin/rmroot 23542300x800000000000000026993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.333{ec2a2542-2970-6254-7033-5cb100560000}2955root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000026996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.338{ec2a2542-2970-6254-d89f-3732db550000}2956/usr/bin/dpkg-splitroot 154100x800000000000000026997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.339{ec2a2542-2970-6254-400a-42bc63550000}2957/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/13-libatomic1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000026999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.341{ec2a2542-2970-6254-b013-b07829560000}2960/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2970-6254-400a-42bc63550000}2957/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000026998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.341{ec2a2542-2970-6254-0000-000000000000}2958-root 534500x800000000000000027000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.342{ec2a2542-2970-6254-0000-000000000000}2959-root 534500x800000000000000027002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.344{ec2a2542-2970-6254-400a-42bc63550000}2957/usr/bin/dpkg-debroot 534500x800000000000000027001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.344{ec2a2542-2970-6254-b013-b07829560000}2960/bin/tarroot 154100x800000000000000027003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.363{ec2a2542-2970-6254-404a-0a05ca550000}2961/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/13-libatomic1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.365{ec2a2542-2970-6254-0000-000000000000}2962-root 534500x800000000000000027006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.366{ec2a2542-2970-6254-404a-0a05ca550000}2961/usr/bin/dpkg-debroot 534500x800000000000000027005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.366{ec2a2542-2970-6254-0000-000000000000}2963-root 154100x800000000000000027007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.385{ec2a2542-2970-6254-70b3-f83e49560000}2964/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.387{ec2a2542-2970-6254-d8df-9179d5550000}2965/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/14-libgcc-7-dev-mips-cross_7.5.0-3ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.387{ec2a2542-2970-6254-70b3-f83e49560000}2964/bin/rmroot 23542300x800000000000000027008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.387{ec2a2542-2970-6254-70b3-f83e49560000}2964root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000027011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.388{ec2a2542-2970-6254-d8df-9179d5550000}2965/usr/bin/dpkg-splitroot 154100x800000000000000027012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.389{ec2a2542-2970-6254-40fa-1a4ded550000}2966/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/14-libgcc-7-dev-mips-cross_7.5.0-3ubuntu1~18.04cross1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.390{ec2a2542-2970-6254-b023-67bc74550000}2969/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2970-6254-40fa-1a4ded550000}2966/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.390{ec2a2542-2970-6254-0000-000000000000}2967-root 534500x800000000000000027015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.392{ec2a2542-2970-6254-0000-000000000000}2968-root 534500x800000000000000027016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.393{ec2a2542-2970-6254-b023-67bc74550000}2969/bin/tarroot 534500x800000000000000027017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.394{ec2a2542-2970-6254-40fa-1a4ded550000}2966/usr/bin/dpkg-debroot 154100x800000000000000027018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.408{ec2a2542-2970-6254-40ca-4f3e4d560000}2970/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/14-libgcc-7-dev-mips-cross_7.5.0-3ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.437{ec2a2542-2970-6254-0000-000000000000}2971-root 534500x800000000000000027021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.446{ec2a2542-2970-6254-40ca-4f3e4d560000}2970/usr/bin/dpkg-debroot 534500x800000000000000027020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.446{00000000-0000-0000-0000-000000000000}2972<unknown process>root 154100x800000000000000027022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.502{ec2a2542-2970-6254-7093-73acf2550000}2973/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.503{ec2a2542-2970-6254-7093-73acf2550000}2973/bin/rmroot 23542300x800000000000000027023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.503{ec2a2542-2970-6254-7093-73acf2550000}2973root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000027025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.504{ec2a2542-2970-6254-d88f-c77b04560000}2974/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/15-gcc-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.505{ec2a2542-2970-6254-407a-206a41560000}2975/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/15-gcc-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.505{ec2a2542-2970-6254-d88f-c77b04560000}2974/usr/bin/dpkg-splitroot 154100x800000000000000027029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.507{ec2a2542-2970-6254-b0d3-49be6a550000}2978/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2970-6254-407a-206a41560000}2975/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.507{ec2a2542-2970-6254-0000-000000000000}2976-root 534500x800000000000000027030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.508{ec2a2542-2970-6254-0000-000000000000}2977-root 534500x800000000000000027032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.509{ec2a2542-2970-6254-407a-206a41560000}2975/usr/bin/dpkg-debroot 534500x800000000000000027031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.509{ec2a2542-2970-6254-b0d3-49be6a550000}2978/bin/tarroot 154100x800000000000000027033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.527{ec2a2542-2970-6254-6892-0361dc550000}2979/bin/dash-----/bin/sh /var/lib/dpkg/tmp.ci/preinst install/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.528{ec2a2542-2970-6254-6892-0361dc550000}2979/bin/dashroot 154100x800000000000000027035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.529{ec2a2542-2970-6254-40da-d15b2a560000}2980/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/15-gcc-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.193{ec2a2542-2970-6254-0000-000000000000}2981-root 534500x800000000000000027038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.198{ec2a2542-2970-6254-40da-d15b2a560000}2980/usr/bin/dpkg-debroot 534500x800000000000000027037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.198{ec2a2542-2970-6254-0000-000000000000}2982-root 154100x800000000000000027039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.242{ec2a2542-2971-6254-70a3-97f0d5550000}2983/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.243{ec2a2542-2971-6254-70a3-97f0d5550000}2983/bin/rmroot 23542300x800000000000000027040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.243{ec2a2542-2971-6254-70a3-97f0d5550000}2983root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000027042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.244{ec2a2542-2971-6254-d82f-e407dc550000}2984/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/16-gcc-mips-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.245{ec2a2542-2971-6254-406a-85a923560000}2985/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/16-gcc-mips-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.245{ec2a2542-2971-6254-d82f-e407dc550000}2984/usr/bin/dpkg-splitroot 154100x800000000000000027046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.247{ec2a2542-2971-6254-b073-f2e374550000}2988/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2971-6254-406a-85a923560000}2985/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.247{ec2a2542-2971-6254-0000-000000000000}2986-root 534500x800000000000000027047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.248{ec2a2542-2971-6254-0000-000000000000}2987-root 534500x800000000000000027048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.249{ec2a2542-2971-6254-b073-f2e374550000}2988/bin/tarroot 534500x800000000000000027049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.250{ec2a2542-2971-6254-406a-85a923560000}2985/usr/bin/dpkg-debroot 154100x800000000000000027050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.262{ec2a2542-2971-6254-407a-1f563a560000}2989/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/16-gcc-mips-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.264{ec2a2542-2971-6254-0000-000000000000}2990-root 534500x800000000000000027053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.265{ec2a2542-2971-6254-407a-1f563a560000}2989/usr/bin/dpkg-debroot 534500x800000000000000027052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.265{00000000-0000-0000-0000-000000000000}2991<unknown process>root 154100x800000000000000027054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.285{ec2a2542-2971-6254-70b3-60cfa1550000}2992/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.287{ec2a2542-2971-6254-d83f-596542560000}2993/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/17-linux-libc-dev-mips-cross_4.15.0-35.38cross1.2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.287{ec2a2542-2971-6254-70b3-60cfa1550000}2992/bin/rmroot 23542300x800000000000000027055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.287{ec2a2542-2971-6254-70b3-60cfa1550000}2992root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000027058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.288{ec2a2542-2971-6254-d83f-596542560000}2993/usr/bin/dpkg-splitroot 154100x800000000000000027059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.289{ec2a2542-2971-6254-404a-972c3e560000}2994/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/17-linux-libc-dev-mips-cross_4.15.0-35.38cross1.2_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.292{ec2a2542-2971-6254-b0e3-428cbe550000}2997/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2971-6254-404a-972c3e560000}2994/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.292{ec2a2542-2971-6254-0000-000000000000}2995-root 534500x800000000000000027062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.295{ec2a2542-2971-6254-0000-000000000000}2996-root 534500x800000000000000027064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.296{ec2a2542-2971-6254-404a-972c3e560000}2994/usr/bin/dpkg-debroot 534500x800000000000000027063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.296{ec2a2542-2971-6254-b0e3-428cbe550000}2997/bin/tarroot 154100x800000000000000027065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.312{ec2a2542-2971-6254-40ca-edfac9550000}2998/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/17-linux-libc-dev-mips-cross_4.15.0-35.38cross1.2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.510{ec2a2542-2971-6254-0000-000000000000}2999-root 534500x800000000000000027067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.522{ec2a2542-2971-6254-0000-000000000000}3000-root 534500x800000000000000027068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.523{ec2a2542-2971-6254-40ca-edfac9550000}2998/usr/bin/dpkg-debroot 154100x800000000000000027069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.596{ec2a2542-2971-6254-70b3-7f009e550000}3001/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.598{ec2a2542-2971-6254-d81f-176039560000}3002/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/18-libc6-dev-mips-cross_2.27-3ubuntu1cross1.2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.598{ec2a2542-2971-6254-70b3-7f009e550000}3001/bin/rmroot 23542300x800000000000000027070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.598{ec2a2542-2971-6254-70b3-7f009e550000}3001root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000027073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.599{ec2a2542-2971-6254-d81f-176039560000}3002/usr/bin/dpkg-splitroot 154100x800000000000000027074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.600{ec2a2542-2971-6254-404a-b3b286550000}3003/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/18-libc6-dev-mips-cross_2.27-3ubuntu1cross1.2_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.601{ec2a2542-2971-6254-b043-79791f560000}3006/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2971-6254-404a-b3b286550000}3003/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.601{ec2a2542-2971-6254-0000-000000000000}3004-root 534500x800000000000000027079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.604{ec2a2542-2971-6254-404a-b3b286550000}3003/usr/bin/dpkg-debroot 534500x800000000000000027078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.604{00000000-0000-0000-0000-000000000000}3005<unknown process>root 534500x800000000000000027077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.604{ec2a2542-2971-6254-b043-79791f560000}3006/bin/tarroot 154100x800000000000000027080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.620{ec2a2542-2971-6254-407a-aa8788550000}3007/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/18-libc6-dev-mips-cross_2.27-3ubuntu1cross1.2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 354300x800000000000000027081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.818{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54734-false10.0.1.12-8000- 534500x800000000000000027082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.015{ec2a2542-2971-6254-0000-000000000000}3008-root 534500x800000000000000027084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.027{ec2a2542-2971-6254-407a-aa8788550000}3007/usr/bin/dpkg-debroot 534500x800000000000000027083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.027{00000000-0000-0000-0000-000000000000}3009<unknown process>root 154100x800000000000000027085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.131{ec2a2542-2972-6254-70f3-06bb0c560000}3010/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.132{ec2a2542-2972-6254-70f3-06bb0c560000}3010/bin/rmroot 23542300x800000000000000027086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.132{ec2a2542-2972-6254-70f3-06bb0c560000}3010root/bin/rm/var/lib/dpkg/tmp.ci/control--- 23542300x800000000000000027088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.187{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/status-old--- 23542300x800000000000000027116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0027--- 23542300x800000000000000027115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0026--- 23542300x800000000000000027114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0025--- 23542300x800000000000000027113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0024--- 23542300x800000000000000027112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0023--- 23542300x800000000000000027111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0022--- 23542300x800000000000000027110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0021--- 23542300x800000000000000027109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0020--- 23542300x800000000000000027108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0019--- 23542300x800000000000000027107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0018--- 23542300x800000000000000027106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0017--- 23542300x800000000000000027105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0016--- 23542300x800000000000000027104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0015--- 23542300x800000000000000027103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0014--- 23542300x800000000000000027102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0013--- 23542300x800000000000000027101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0012--- 23542300x800000000000000027100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0011--- 23542300x800000000000000027099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0010--- 23542300x800000000000000027098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0009--- 23542300x800000000000000027097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0008--- 23542300x800000000000000027096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0007--- 23542300x800000000000000027095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0006--- 23542300x800000000000000027094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0005--- 23542300x800000000000000027093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0004--- 23542300x800000000000000027092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0003--- 23542300x800000000000000027091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0002--- 23542300x800000000000000027090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0001--- 23542300x800000000000000027089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.189{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0000--- 23542300x800000000000000027147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0058--- 23542300x800000000000000027146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0057--- 23542300x800000000000000027145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0056--- 23542300x800000000000000027144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0055--- 23542300x800000000000000027143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0054--- 23542300x800000000000000027142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0053--- 23542300x800000000000000027141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0052--- 23542300x800000000000000027140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0051--- 23542300x800000000000000027139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0050--- 23542300x800000000000000027138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0049--- 23542300x800000000000000027137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0048--- 23542300x800000000000000027136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0047--- 23542300x800000000000000027135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0046--- 23542300x800000000000000027134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0045--- 23542300x800000000000000027133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0044--- 23542300x800000000000000027132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0043--- 23542300x800000000000000027131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0042--- 23542300x800000000000000027130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0041--- 23542300x800000000000000027129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0040--- 23542300x800000000000000027128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0039--- 23542300x800000000000000027127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0038--- 23542300x800000000000000027126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0037--- 23542300x800000000000000027125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0036--- 23542300x800000000000000027124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0035--- 23542300x800000000000000027123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0034--- 23542300x800000000000000027122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0033--- 23542300x800000000000000027121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0032--- 23542300x800000000000000027120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0031--- 23542300x800000000000000027119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0030--- 23542300x800000000000000027118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0029--- 23542300x800000000000000027117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.190{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/0028--- 23542300x800000000000000027148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.192{ec2a2542-296e-6254-7061-78cc17560000}2837root/usr/bin/dpkg/var/lib/dpkg/updates/tmp.i--- 534500x800000000000000027149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.194{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkgroot 23542300x800000000000000027168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/13-libatomic1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb--- 23542300x800000000000000027167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/08-binutils-mips-linux-gnu_2.30-21ubuntu1~18.04.7_amd64.deb--- 23542300x800000000000000027166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/16-gcc-mips-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb--- 23542300x800000000000000027165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/09-gcc-7-cross-base-ports_7.5.0-3ubuntu1~18.04cross1_all.deb--- 23542300x800000000000000027164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/03-libmpc3_1.1.0-1_amd64.deb--- 23542300x800000000000000027163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/11-libgcc1-mips-cross_1%3a8.4.0-1ubuntu1~18.04cross1_all.deb--- 23542300x800000000000000027162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/06-gcc-8-cross-base-ports_8.4.0-1ubuntu1~18.04cross1_all.deb--- 23542300x800000000000000027161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/18-libc6-dev-mips-cross_2.27-3ubuntu1cross1.2_all.deb--- 23542300x800000000000000027160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/05-cpp-mips-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb--- 23542300x800000000000000027159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/01-gcc-7-mips-linux-gnu-base_7.5.0-3ubuntu1~18.04cross1_amd64.deb--- 23542300x800000000000000027158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/12-libgomp1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb--- 23542300x800000000000000027157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/15-gcc-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb--- 23542300x800000000000000027156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/00-binutils-common_2.30-21ubuntu1~18.04.7_amd64.deb--- 23542300x800000000000000027155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/02-libisl19_0.19-1_amd64.deb--- 23542300x800000000000000027154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/14-libgcc-7-dev-mips-cross_7.5.0-3ubuntu1~18.04cross1_all.deb--- 23542300x800000000000000027153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/10-libc6-mips-cross_2.27-3ubuntu1cross1.2_all.deb--- 23542300x800000000000000027152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/07-libcc1-0_8.4.0-1ubuntu1~18.04_amd64.deb--- 23542300x800000000000000027151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/04-cpp-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb--- 23542300x800000000000000027150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.196{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/apt-dpkg-install-qCjo8w/17-linux-libc-dev-mips-cross_4.15.0-35.38cross1.2_all.deb--- 154100x800000000000000027169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.197{ec2a2542-2972-6254-7091-5b1f40560000}3011/usr/bin/dpkg-----/usr/bin/dpkg --status-fd 43 --configure --pending/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot 154100x800000000000000027170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.427{ec2a2542-2972-6254-6812-172f7e550000}3012/bin/dash-----/bin/sh /var/lib/dpkg/info/man-db.postinst triggered /usr/share/man/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2972-6254-7091-5b1f40560000}3011/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.430{ec2a2542-2972-6254-80ea-bcc4cf550000}3013/usr/bin/mandb-----/usr/bin/mandb -pq/man{ec2a2542-0000-0000-0600-000001000000}64no level-{ec2a2542-2972-6254-6812-172f7e550000}3012/bin/dash/bin/shroot 154100x800000000000000027171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.430{ec2a2542-2972-6254-98e7-52e7c2550000}3013/usr/bin/perl-----perl -e @pwd = getpwnam("man"); $) = $( = $pwd[3]; $> = $< = $pwd[2]; exec "/usr/bin/mandb", @ARGV -- -pq/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2972-6254-6812-172f7e550000}3012/bin/dash/bin/shroot 534500x800000000000000027173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.482{ec2a2542-2972-6254-0000-000000000000}3014-man 534500x800000000000000027174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.487{ec2a2542-2972-6254-0000-000000000000}3015-man 534500x800000000000000027175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.488{ec2a2542-2972-6254-0000-000000000000}3017-man 534500x800000000000000027176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.489{00000000-0000-0000-0000-000000000000}3016<unknown process>man 534500x800000000000000027177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.495{00000000-0000-0000-0000-000000000000}3018<unknown process>man 534500x800000000000000027178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.498{ec2a2542-2972-6254-0000-000000000000}3019-man 534500x800000000000000027179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.499{ec2a2542-2972-6254-0000-000000000000}3021-man 534500x800000000000000027180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.501{ec2a2542-2972-6254-0000-000000000000}3020-man 534500x800000000000000027181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.505{ec2a2542-2972-6254-0000-000000000000}3022-man 534500x800000000000000027182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.508{ec2a2542-2972-6254-0000-000000000000}3023-man 534500x800000000000000027184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.509{ec2a2542-2972-6254-0000-000000000000}3024-man 534500x800000000000000027183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.509{ec2a2542-2972-6254-0000-000000000000}3025-man 534500x800000000000000027185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.514{00000000-0000-0000-0000-000000000000}3026<unknown process>man 534500x800000000000000027187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.518{ec2a2542-2972-6254-0000-000000000000}3029-man 534500x800000000000000027186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.518{ec2a2542-2972-6254-0000-000000000000}3027-man 534500x800000000000000027188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.521{00000000-0000-0000-0000-000000000000}3028<unknown process>man 534500x800000000000000027189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.526{ec2a2542-2972-6254-0000-000000000000}3030-man 534500x800000000000000027191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.530{ec2a2542-2972-6254-0000-000000000000}3033-man 534500x800000000000000027190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.530{ec2a2542-2972-6254-0000-000000000000}3031-man 534500x800000000000000027192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.531{ec2a2542-2972-6254-0000-000000000000}3032-man 534500x800000000000000027193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.535{ec2a2542-2972-6254-0000-000000000000}3034-man 534500x800000000000000027195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.539{ec2a2542-2972-6254-0000-000000000000}3037-man 534500x800000000000000027194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.539{ec2a2542-2972-6254-0000-000000000000}3035-man 534500x800000000000000027196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.540{ec2a2542-2972-6254-0000-000000000000}3036-man 534500x800000000000000027197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.543{00000000-0000-0000-0000-000000000000}3038<unknown process>man 534500x800000000000000027198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.546{00000000-0000-0000-0000-000000000000}3039<unknown process>man 534500x800000000000000027199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.547{ec2a2542-2972-6254-0000-000000000000}3041-man 534500x800000000000000027200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.548{ec2a2542-2972-6254-0000-000000000000}3040-man 534500x800000000000000027201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.552{00000000-0000-0000-0000-000000000000}3042<unknown process>man 534500x800000000000000027203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.555{ec2a2542-2972-6254-0000-000000000000}3045-man 534500x800000000000000027202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.555{ec2a2542-2972-6254-0000-000000000000}3043-man 534500x800000000000000027204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.556{ec2a2542-2972-6254-0000-000000000000}3044-man 534500x800000000000000027205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.559{ec2a2542-2972-6254-0000-000000000000}3046-man 534500x800000000000000027206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.562{ec2a2542-2972-6254-0000-000000000000}3047-man 534500x800000000000000027208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.563{ec2a2542-2972-6254-0000-000000000000}3048-man 534500x800000000000000027207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.563{ec2a2542-2972-6254-0000-000000000000}3049-man 534500x800000000000000027209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.567{00000000-0000-0000-0000-000000000000}3050<unknown process>man 534500x800000000000000027210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.570{ec2a2542-2972-6254-0000-000000000000}3051-man 534500x800000000000000027212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.571{ec2a2542-2972-6254-0000-000000000000}3052-man 534500x800000000000000027211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.571{ec2a2542-2972-6254-0000-000000000000}3053-man 534500x800000000000000027213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.575{00000000-0000-0000-0000-000000000000}3054<unknown process>man 534500x800000000000000027214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.578{ec2a2542-2972-6254-0000-000000000000}3055-man 534500x800000000000000027216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.579{ec2a2542-2972-6254-0000-000000000000}3056-man 534500x800000000000000027215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.579{ec2a2542-2972-6254-0000-000000000000}3057-man 534500x800000000000000027217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.583{ec2a2542-2972-6254-0000-000000000000}3058-man 534500x800000000000000027218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.586{00000000-0000-0000-0000-000000000000}3059<unknown process>man 534500x800000000000000027219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.587{ec2a2542-2972-6254-0000-000000000000}3061-man 534500x800000000000000027220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.588{ec2a2542-2972-6254-0000-000000000000}3060-man 534500x800000000000000027221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.592{ec2a2542-2972-6254-0000-000000000000}3062-man 534500x800000000000000027222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.595{ec2a2542-2972-6254-0000-000000000000}3063-man 534500x800000000000000027223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.596{ec2a2542-2972-6254-0000-000000000000}3065-man 534500x800000000000000027224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.597{00000000-0000-0000-0000-000000000000}3064<unknown process>man 534500x800000000000000027225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.602{ec2a2542-2972-6254-0000-000000000000}3066-man 534500x800000000000000027226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.605{ec2a2542-2972-6254-0000-000000000000}3067-man 534500x800000000000000027228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.606{ec2a2542-2972-6254-0000-000000000000}3068-man 534500x800000000000000027227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.606{ec2a2542-2972-6254-0000-000000000000}3069-man 534500x800000000000000027229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.611{00000000-0000-0000-0000-000000000000}3070<unknown process>man 534500x800000000000000027230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.616{00000000-0000-0000-0000-000000000000}3071<unknown process>man 534500x800000000000000027231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.617{ec2a2542-2972-6254-0000-000000000000}3073-man 534500x800000000000000027232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.619{00000000-0000-0000-0000-000000000000}3072<unknown process>man 534500x800000000000000027233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.623{00000000-0000-0000-0000-000000000000}3074<unknown process>man 534500x800000000000000027234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.626{ec2a2542-2972-6254-0000-000000000000}3075-man 534500x800000000000000027235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.628{ec2a2542-2972-6254-0000-000000000000}3077-man 534500x800000000000000027236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.629{00000000-0000-0000-0000-000000000000}3076<unknown process>man 534500x800000000000000027237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.632{ec2a2542-2972-6254-0000-000000000000}3078-man 534500x800000000000000027238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.635{ec2a2542-2972-6254-0000-000000000000}3079-man 534500x800000000000000027240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.636{ec2a2542-2972-6254-0000-000000000000}3080-man 534500x800000000000000027239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.636{ec2a2542-2972-6254-0000-000000000000}3081-man 534500x800000000000000027241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.640{00000000-0000-0000-0000-000000000000}3082<unknown process>man 534500x800000000000000027242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.643{ec2a2542-2972-6254-0000-000000000000}3083-man 534500x800000000000000027243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.644{ec2a2542-2972-6254-0000-000000000000}3085-man 534500x800000000000000027244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.645{00000000-0000-0000-0000-000000000000}3084<unknown process>man 534500x800000000000000027245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.648{00000000-0000-0000-0000-000000000000}3086<unknown process>man 534500x800000000000000027247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.652{ec2a2542-2972-6254-0000-000000000000}3089-man 534500x800000000000000027246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.652{00000000-0000-0000-0000-000000000000}3087<unknown process>man 534500x800000000000000027248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.653{ec2a2542-2972-6254-0000-000000000000}3088-man 534500x800000000000000027249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.656{ec2a2542-2972-6254-0000-000000000000}3090-man 534500x800000000000000027250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.659{ec2a2542-2972-6254-0000-000000000000}3091-man 534500x800000000000000027252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.661{ec2a2542-2972-6254-0000-000000000000}3092-man 534500x800000000000000027251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.661{ec2a2542-2972-6254-0000-000000000000}3093-man 534500x800000000000000027253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.664{ec2a2542-2972-6254-0000-000000000000}3094-man 534500x800000000000000027255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.668{ec2a2542-2972-6254-0000-000000000000}3097-man 534500x800000000000000027254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.668{ec2a2542-2972-6254-0000-000000000000}3095-man 534500x800000000000000027256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.669{00000000-0000-0000-0000-000000000000}3096<unknown process>man 534500x800000000000000027257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.672{00000000-0000-0000-0000-000000000000}3098<unknown process>man 534500x800000000000000027258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.675{ec2a2542-2972-6254-0000-000000000000}3099-man 534500x800000000000000027260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.676{00000000-0000-0000-0000-000000000000}3100<unknown process>man 534500x800000000000000027259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.676{ec2a2542-2972-6254-0000-000000000000}3101-man 534500x800000000000000027261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.679{00000000-0000-0000-0000-000000000000}3102<unknown process>man 534500x800000000000000027262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.683{ec2a2542-2972-6254-0000-000000000000}3103-man 534500x800000000000000027263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.684{ec2a2542-2972-6254-0000-000000000000}3105-man 534500x800000000000000027264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.685{ec2a2542-2972-6254-0000-000000000000}3104-man 534500x800000000000000027265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.689{ec2a2542-2972-6254-0000-000000000000}3106-man 534500x800000000000000027266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.693{ec2a2542-2972-6254-0000-000000000000}3107-man 534500x800000000000000027267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.694{ec2a2542-2972-6254-0000-000000000000}3110-man 534500x800000000000000027268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.695{00000000-0000-0000-0000-000000000000}3108<unknown process>man 534500x800000000000000027269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.699{ec2a2542-2972-6254-0000-000000000000}3111-man 534500x800000000000000027270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.702{ec2a2542-2972-6254-0000-000000000000}3112-man 534500x800000000000000027271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.703{ec2a2542-2972-6254-0000-000000000000}3114-man 534500x800000000000000027272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.704{ec2a2542-2972-6254-0000-000000000000}3113-man 534500x800000000000000027273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.709{00000000-0000-0000-0000-000000000000}3115<unknown process>man 534500x800000000000000027275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.713{ec2a2542-2972-6254-0000-000000000000}3118-man 534500x800000000000000027274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.713{00000000-0000-0000-0000-000000000000}3116<unknown process>man 534500x800000000000000027276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.714{ec2a2542-2972-6254-0000-000000000000}3117-man 534500x800000000000000027277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.718{00000000-0000-0000-0000-000000000000}3119<unknown process>man 534500x800000000000000027278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.721{ec2a2542-2972-6254-0000-000000000000}3120-man 534500x800000000000000027279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.722{ec2a2542-2972-6254-0000-000000000000}3122-man 534500x800000000000000027280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.723{ec2a2542-2972-6254-0000-000000000000}3121-man 534500x800000000000000027281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.727{00000000-0000-0000-0000-000000000000}3123<unknown process>man 534500x800000000000000027283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.730{ec2a2542-2972-6254-0000-000000000000}3126-man 534500x800000000000000027282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.730{ec2a2542-2972-6254-0000-000000000000}3124-man 534500x800000000000000027284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.731{00000000-0000-0000-0000-000000000000}3125<unknown process>man 534500x800000000000000027285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.734{ec2a2542-2972-6254-0000-000000000000}3127-man 534500x800000000000000027286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.737{ec2a2542-2972-6254-0000-000000000000}3128-man 534500x800000000000000027287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.738{ec2a2542-2972-6254-0000-000000000000}3130-man 534500x800000000000000027288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.739{ec2a2542-2972-6254-0000-000000000000}3129-man 534500x800000000000000027289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.743{00000000-0000-0000-0000-000000000000}3131<unknown process>man 534500x800000000000000027290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.746{00000000-0000-0000-0000-000000000000}3132<unknown process>man 534500x800000000000000027291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.747{ec2a2542-2972-6254-0000-000000000000}3134-man 534500x800000000000000027292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.748{00000000-0000-0000-0000-000000000000}3133<unknown process>man 534500x800000000000000027293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.752{00000000-0000-0000-0000-000000000000}3135<unknown process>man 534500x800000000000000027294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.759{ec2a2542-2972-6254-0000-000000000000}3136-man 534500x800000000000000027295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.760{ec2a2542-2972-6254-0000-000000000000}3138-man 534500x800000000000000027296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.761{ec2a2542-2972-6254-0000-000000000000}3137-man 534500x800000000000000027297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.764{00000000-0000-0000-0000-000000000000}3139<unknown process>man 534500x800000000000000027298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.767{00000000-0000-0000-0000-000000000000}3140<unknown process>man 534500x800000000000000027299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.768{ec2a2542-2972-6254-0000-000000000000}3142-man 534500x800000000000000027300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.769{ec2a2542-2972-6254-0000-000000000000}3141-man 534500x800000000000000027301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.774{00000000-0000-0000-0000-000000000000}3143<unknown process>man 534500x800000000000000027302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.777{00000000-0000-0000-0000-000000000000}3144<unknown process>man 534500x800000000000000027303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.778{ec2a2542-2972-6254-0000-000000000000}3146-man 534500x800000000000000027304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.779{ec2a2542-2972-6254-0000-000000000000}3145-man 534500x800000000000000027305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.783{00000000-0000-0000-0000-000000000000}3147<unknown process>man 534500x800000000000000027306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.789{00000000-0000-0000-0000-000000000000}3148<unknown process>man 534500x800000000000000027307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.790{ec2a2542-2972-6254-0000-000000000000}3150-man 534500x800000000000000027308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.797{ec2a2542-2972-6254-0000-000000000000}3149-man 534500x800000000000000027309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.802{ec2a2542-2972-6254-0000-000000000000}3151-man 534500x800000000000000027310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.807{ec2a2542-2972-6254-0000-000000000000}3152-man 534500x800000000000000027311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.808{ec2a2542-2972-6254-0000-000000000000}3154-man 534500x800000000000000027312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.809{ec2a2542-2972-6254-0000-000000000000}3153-man 534500x800000000000000027313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.813{ec2a2542-2972-6254-0000-000000000000}3155-man 534500x800000000000000027314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.816{ec2a2542-2972-6254-0000-000000000000}3156-man 534500x800000000000000027316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.818{ec2a2542-2972-6254-0000-000000000000}3157-man 534500x800000000000000027315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.818{ec2a2542-2972-6254-0000-000000000000}3158-man 534500x800000000000000027317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.822{ec2a2542-2972-6254-0000-000000000000}3159-man 534500x800000000000000027318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.825{ec2a2542-2972-6254-0000-000000000000}3160-man 534500x800000000000000027320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.826{ec2a2542-2972-6254-0000-000000000000}3161-man 534500x800000000000000027319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.826{ec2a2542-2972-6254-0000-000000000000}3162-man 534500x800000000000000027321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.830{00000000-0000-0000-0000-000000000000}3163<unknown process>man 534500x800000000000000027323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.835{ec2a2542-2972-6254-0000-000000000000}3166-man 534500x800000000000000027322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.835{ec2a2542-2972-6254-0000-000000000000}3164-man 534500x800000000000000027324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.836{ec2a2542-2972-6254-0000-000000000000}3165-man 534500x800000000000000027325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.839{ec2a2542-2972-6254-0000-000000000000}3167-man 534500x800000000000000027326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.864{00000000-0000-0000-0000-000000000000}3168<unknown process>man 534500x800000000000000027327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.865{ec2a2542-2972-6254-0000-000000000000}3170-man 534500x800000000000000027328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.866{ec2a2542-2972-6254-0000-000000000000}3169-man 23542300x800000000000000027329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.875{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/hu/3013--- 23542300x800000000000000027330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.876{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/da/3013--- 23542300x800000000000000027331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.877{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/cs/3013--- 23542300x800000000000000027332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.878{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/id/3013--- 23542300x800000000000000027333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.879{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/ru/3013--- 23542300x800000000000000027334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.881{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/sl/3013--- 23542300x800000000000000027335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.882{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/tr/3013--- 23542300x800000000000000027336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.883{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/zh_CN/3013--- 23542300x800000000000000027337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.884{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/it/3013--- 23542300x800000000000000027338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.886{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/ko/3013--- 23542300x800000000000000027339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.887{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/fi/3013--- 23542300x800000000000000027340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.888{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/ja/3013--- 23542300x800000000000000027341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.889{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/pt_BR/3013--- 23542300x800000000000000027342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.890{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/pl/3013--- 23542300x800000000000000027343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.892{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/sv/3013--- 23542300x800000000000000027344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.893{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/de/3013--- 23542300x800000000000000027345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.894{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/zh_TW/3013--- 23542300x800000000000000027346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.896{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/nl/3013--- 23542300x800000000000000027347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.897{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/pt/3013--- 23542300x800000000000000027348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.898{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/sr/3013--- 23542300x800000000000000027349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.900{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/es/3013--- 23542300x800000000000000027350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.901{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/fr/3013--- 23542300x800000000000000027351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.902{ec2a2542-2972-6254-98e7-52e7c2550000}3013man/usr/bin/mandb/var/cache/man/oldlocal/3013--- 534500x800000000000000027353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.903{ec2a2542-2972-6254-6812-172f7e550000}3012/bin/dashroot 534500x800000000000000027352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.903{ec2a2542-2972-6254-98e7-52e7c2550000}3013/usr/bin/perlman 154100x800000000000000027354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.914{ec2a2542-2972-6254-68c2-b6f8ae550000}3171/bin/dash-----/bin/sh /var/lib/dpkg/info/libc-bin.postinst triggered ldconfig/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2972-6254-7091-5b1f40560000}3011/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.915{ec2a2542-2972-6254-b841-c1bfd07f0000}3172/sbin/ldconfig.real-----/sbin/ldconfig.real/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2972-6254-68c2-b6f8ae550000}3171/bin/dash/bin/shroot 154100x800000000000000027355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.915{ec2a2542-2972-6254-68b2-8da922560000}3172/bin/dash-----/bin/sh /sbin/ldconfig/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2972-6254-68c2-b6f8ae550000}3171/bin/dash/bin/shroot 534500x800000000000000027358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.928{ec2a2542-2972-6254-68c2-b6f8ae550000}3171/bin/dashroot 534500x800000000000000027357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.928{ec2a2542-2972-6254-68b2-8da922560000}3172/bin/dashroot 23542300x800000000000000027359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.967{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/status-old--- 23542300x800000000000000027371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.969{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0011--- 23542300x800000000000000027370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.969{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0010--- 23542300x800000000000000027369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.969{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0009--- 23542300x800000000000000027368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.969{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0008--- 23542300x800000000000000027367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.969{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0007--- 23542300x800000000000000027366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.969{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0006--- 23542300x800000000000000027365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.969{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0005--- 23542300x800000000000000027364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.969{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0004--- 23542300x800000000000000027363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.969{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0003--- 23542300x800000000000000027362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.969{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0002--- 23542300x800000000000000027361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.969{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0001--- 23542300x800000000000000027360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.969{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0000--- 23542300x800000000000000027410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0050--- 23542300x800000000000000027409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0049--- 23542300x800000000000000027408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0048--- 23542300x800000000000000027407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0047--- 23542300x800000000000000027406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0046--- 23542300x800000000000000027405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0045--- 23542300x800000000000000027404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0044--- 23542300x800000000000000027403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0043--- 23542300x800000000000000027402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0042--- 23542300x800000000000000027401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0041--- 23542300x800000000000000027400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0040--- 23542300x800000000000000027399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0039--- 23542300x800000000000000027398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0038--- 23542300x800000000000000027397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0037--- 23542300x800000000000000027396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0036--- 23542300x800000000000000027395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0035--- 23542300x800000000000000027394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0034--- 23542300x800000000000000027393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0033--- 23542300x800000000000000027392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0032--- 23542300x800000000000000027391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0031--- 23542300x800000000000000027390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0030--- 23542300x800000000000000027389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0029--- 23542300x800000000000000027388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0028--- 23542300x800000000000000027387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0027--- 23542300x800000000000000027386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0026--- 23542300x800000000000000027385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0025--- 23542300x800000000000000027384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0024--- 23542300x800000000000000027383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0023--- 23542300x800000000000000027382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0022--- 23542300x800000000000000027381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0021--- 23542300x800000000000000027380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0020--- 23542300x800000000000000027379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0019--- 23542300x800000000000000027378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0018--- 23542300x800000000000000027377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0017--- 23542300x800000000000000027376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0016--- 23542300x800000000000000027375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0015--- 23542300x800000000000000027374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0014--- 23542300x800000000000000027373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0013--- 23542300x800000000000000027372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.970{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0012--- 23542300x800000000000000027420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.971{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0060--- 23542300x800000000000000027419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.971{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0059--- 23542300x800000000000000027418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.971{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0058--- 23542300x800000000000000027417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.971{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0057--- 23542300x800000000000000027416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.971{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0056--- 23542300x800000000000000027415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.971{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0055--- 23542300x800000000000000027414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.971{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0054--- 23542300x800000000000000027413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.971{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0053--- 23542300x800000000000000027412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.971{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0052--- 23542300x800000000000000027411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.971{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/0051--- 23542300x800000000000000027421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.974{ec2a2542-2972-6254-7091-5b1f40560000}3011root/usr/bin/dpkg/var/lib/dpkg/updates/tmp.i--- 534500x800000000000000027422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.975{ec2a2542-2972-6254-7091-5b1f40560000}3011/usr/bin/dpkgroot 23542300x800000000000000027424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.976{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.huSVg3--- 23542300x800000000000000027423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.976{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/pkgcache.bin--- 23542300x800000000000000027425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.983{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.wovDqz--- 23542300x800000000000000027426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.988{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.tw6gB5--- 23542300x800000000000000027427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.990{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.AuWeMB--- 23542300x800000000000000027428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.992{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.fdztX7--- 23542300x800000000000000027429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.996{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.UDsr9D--- 23542300x800000000000000027430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:22.998{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.1VSGla--- 23542300x800000000000000027431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.002{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.wzSEyG--- 23542300x800000000000000027432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.004{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.XGpULc--- 23542300x800000000000000027433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.005{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.Ya0nZI--- 23542300x800000000000000027434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.007{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.Tgk5cf--- 23542300x800000000000000027435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.008{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.GG60qL--- 23542300x800000000000000027436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.009{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.h9RaFh--- 23542300x800000000000000027437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.011{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.ggZATN--- 23542300x800000000000000027438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.012{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.bIFh8j--- 23542300x800000000000000027439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.014{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.Uu7enQ--- 23542300x800000000000000027440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.016{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.7Z1uCm--- 154100x800000000000000027441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.017{ec2a2542-2973-6254-7041-61e458550000}3173/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot 534500x800000000000000027442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.020{ec2a2542-2973-6254-7041-61e458550000}3173/usr/bin/dpkgroot 154100x800000000000000027443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.218{ec2a2542-2973-6254-7001-8407a5550000}3174/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot 534500x800000000000000027444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.221{ec2a2542-2973-6254-7001-8407a5550000}3174/usr/bin/dpkgroot 154100x800000000000000027445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.318{ec2a2542-2973-6254-7031-2a89f9550000}3175/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot 534500x800000000000000027446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.321{ec2a2542-2973-6254-7031-2a89f9550000}3175/usr/bin/dpkgroot 354300x800000000000000027447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.329{ec2a2542-1080-6254-602c-d54703560000}1780/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-34446-false10.0.1.12-8089- 154100x800000000000000027448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.344{ec2a2542-2973-6254-6882-f63465550000}3177/bin/dash-----sh -c if [ -d /var/lib/update-notifier ]; then touch /var/lib/update-notifier/dpkg-run-stamp; fi; /usr/lib/update-notifier/update-motd-updates-available 2>/dev/null || true/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}3176--- 154100x800000000000000027449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.345{ec2a2542-2973-6254-10c0-533f95550000}3178/bin/touch-----touch /var/lib/update-notifier/dpkg-run-stamp/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-6882-f63465550000}3177/bin/dashshroot 154100x800000000000000027451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.346{ec2a2542-2973-6254-6832-326391550000}3179/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-updates-available/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-6882-f63465550000}3177/bin/dashshroot 534500x800000000000000027450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.346{ec2a2542-2973-6254-10c0-533f95550000}3178/bin/touchroot 154100x800000000000000027452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.347{ec2a2542-2973-6254-7324-9d8643560000}3180/usr/bin/apt-config-----apt-config shell StateDir Dir::State/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-6832-326391550000}3179/bin/dash/bin/shroot 154100x800000000000000027453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.352{ec2a2542-2973-6254-7011-76085f550000}3181/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-7324-9d8643560000}3180/usr/bin/apt-configapt-configroot 534500x800000000000000027454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.354{ec2a2542-2973-6254-7011-76085f550000}3181/usr/bin/dpkgroot 154100x800000000000000027456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.355{ec2a2542-2973-6254-7344-ff2e1c560000}3182/usr/bin/apt-config-----apt-config shell ListDir Dir::State::Lists/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-6832-326391550000}3179/bin/dash/bin/shroot 534500x800000000000000027455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.355{ec2a2542-2973-6254-7324-9d8643560000}3180/usr/bin/apt-configroot 154100x800000000000000027457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.360{ec2a2542-2973-6254-7041-aa179e550000}3183/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-7344-ff2e1c560000}3182/usr/bin/apt-configapt-configroot 534500x800000000000000027458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.362{ec2a2542-2973-6254-7041-aa179e550000}3183/usr/bin/dpkgroot 154100x800000000000000027460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.363{ec2a2542-2973-6254-7304-b16f5a550000}3184/usr/bin/apt-config-----apt-config shell DpkgStatus Dir::State::status/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-6832-326391550000}3179/bin/dash/bin/shroot 534500x800000000000000027459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.363{ec2a2542-2973-6254-7344-ff2e1c560000}3182/usr/bin/apt-configroot 154100x800000000000000027461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.367{ec2a2542-2973-6254-7001-a1ad17560000}3185/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-7304-b16f5a550000}3184/usr/bin/apt-configapt-configroot 534500x800000000000000027462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.370{ec2a2542-2973-6254-7001-a1ad17560000}3185/usr/bin/dpkgroot 154100x800000000000000027464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.371{ec2a2542-2973-6254-7374-e8d50c560000}3186/usr/bin/apt-config-----apt-config shell EtcDir Dir::Etc/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-6832-326391550000}3179/bin/dash/bin/shroot 534500x800000000000000027463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.371{ec2a2542-2973-6254-7304-b16f5a550000}3184/usr/bin/apt-configroot 154100x800000000000000027465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.375{ec2a2542-2973-6254-7071-a10094550000}3187/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-7374-e8d50c560000}3186/usr/bin/apt-configapt-configroot 534500x800000000000000027466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.377{ec2a2542-2973-6254-7071-a10094550000}3187/usr/bin/dpkgroot 154100x800000000000000027468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.378{ec2a2542-2973-6254-7374-6b721e560000}3188/usr/bin/apt-config-----apt-config shell SourceList Dir::Etc::sourcelist/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-6832-326391550000}3179/bin/dash/bin/shroot 534500x800000000000000027467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.378{ec2a2542-2973-6254-7374-e8d50c560000}3186/usr/bin/apt-configroot 154100x800000000000000027469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.382{ec2a2542-2973-6254-7031-6f5b5c550000}3189/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-7374-6b721e560000}3188/usr/bin/apt-configapt-configroot 534500x800000000000000027470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.384{ec2a2542-2973-6254-7031-6f5b5c550000}3189/usr/bin/dpkgroot 154100x800000000000000027472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.386{ec2a2542-2973-6254-90f0-77bceb550000}3190/usr/bin/find-----find /var/lib/apt/lists/ /etc/apt/sources.list //var/lib/dpkg/status -type f -newer /var/lib/update-notifier/updates-available -print -quit/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-6832-326391550000}3179/bin/dash/bin/shroot 534500x800000000000000027471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.386{ec2a2542-2973-6254-7374-6b721e560000}3188/usr/bin/apt-configroot 154100x800000000000000027476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.387{ec2a2542-2973-6254-a800-48da6c550000}3191/bin/mktemp-----mktemp -p /var/lib/update-notifier/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-6832-326391550000}3179/bin/dash/bin/shroot 534500x800000000000000027473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.387{ec2a2542-2973-6254-90f0-77bceb550000}3190/usr/bin/findroot 534500x800000000000000027475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.388{ec2a2542-2973-6254-e8a8-53640d560000}3192/usr/bin/dirnameroot 154100x800000000000000027474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.388{ec2a2542-2973-6254-e8a8-53640d560000}3192/usr/bin/dirname-----dirname /var/lib/update-notifier/updates-available/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}3191--- 154100x800000000000000027478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.389{ec2a2542-2973-6254-a036-7b0000000000}3193/usr/bin/python3.6-----/usr/bin/python3 /usr/lib/update-notifier/apt-check --human-readable/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-6832-326391550000}3179/bin/dash/bin/shroot 534500x800000000000000027477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.389{ec2a2542-2973-6254-a800-48da6c550000}3191/bin/mktemproot 154100x800000000000000027479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.558{ec2a2542-2973-6254-7021-f9ca45560000}3194/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-a036-7b0000000000}3193/usr/bin/python3.6/usr/bin/python3root 534500x800000000000000027480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.560{ec2a2542-2973-6254-7021-f9ca45560000}3194/usr/bin/dpkgroot 23542300x800000000000000027481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.561{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.VNGC4N--- 23542300x800000000000000027482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.566{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.0aQXOl--- 23542300x800000000000000027483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.571{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.FvocAT--- 23542300x800000000000000027484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.573{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.s0VIlr--- 23542300x800000000000000027485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.574{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.FTqu7Y--- 23542300x800000000000000027486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.580{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.aXjaUw--- 23542300x800000000000000027487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.582{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.VddeH4--- 23542300x800000000000000027488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.588{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.UYUfvC--- 23542300x800000000000000027489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.589{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.VdDwja--- 23542300x800000000000000027490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.590{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.ymVZ7H--- 23542300x800000000000000027491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.592{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.v6SFWf--- 23542300x800000000000000027492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.593{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.eFFyLN--- 23542300x800000000000000027493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.594{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.TpTDAl--- 23542300x800000000000000027494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.595{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.Ir1XpT--- 23542300x800000000000000027495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.597{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.n8Rwfr--- 23542300x800000000000000027496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.600{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.4O0C5Y--- 154100x800000000000000027498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.602{ec2a2542-2973-6254-70f1-e2b969550000}3195/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-a036-7b0000000000}3193/usr/bin/python3.6/usr/bin/python3root 23542300x800000000000000027497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.602{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.JfEZVw--- 534500x800000000000000027499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:23.605{ec2a2542-2973-6254-70f1-e2b969550000}3195/usr/bin/dpkgroot 23542300x800000000000000027500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.071{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.IjEM35--- 23542300x800000000000000027501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.075{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.VoUhcF--- 23542300x800000000000000027502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.079{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.ItZtle--- 23542300x800000000000000027503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.081{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.PGPWuN--- 23542300x800000000000000027504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.082{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.MRQEEm--- 23542300x800000000000000027505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.086{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.leQ2OV--- 23542300x800000000000000027506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.088{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.yGrHZu--- 23542300x800000000000000027507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.092{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.Djq1a4--- 23542300x800000000000000027508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.093{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.W1kBmD--- 23542300x800000000000000027509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.095{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.Lqkoyc--- 23542300x800000000000000027510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.096{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.mdDoKL--- 23542300x800000000000000027511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.097{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.zEGBWk--- 23542300x800000000000000027512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.098{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.2et18T--- 23542300x800000000000000027513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.100{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.DCAGlt--- 23542300x800000000000000027514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.101{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.QcTAy2--- 23542300x800000000000000027515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.103{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.plkKLB--- 23542300x800000000000000027516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.104{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.UdJaZa--- 154100x800000000000000027517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.105{ec2a2542-2974-6254-70f1-167d2c560000}3196/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-a036-7b0000000000}3193/usr/bin/python3.6/usr/bin/python3root 534500x800000000000000027518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.108{ec2a2542-2974-6254-70f1-167d2c560000}3196/usr/bin/dpkgroot 23542300x800000000000000027519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.370{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.BUWwVK--- 23542300x800000000000000027520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.376{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.qzCQSk--- 23542300x800000000000000027521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.380{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.JDRQQU--- 23542300x800000000000000027522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.381{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.OFW6Ou--- 23542300x800000000000000027523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.383{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.5s4BN4--- 23542300x800000000000000027524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.386{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.KjrMME--- 23542300x800000000000000027525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.388{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.DzJcMe--- 23542300x800000000000000027526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.392{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.6bAhMO--- 23542300x800000000000000027527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.393{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.T6eCMo--- 23542300x800000000000000027528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.395{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.gP09MY--- 23542300x800000000000000027529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.396{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.zfNUNy--- 23542300x800000000000000027530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.397{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.o0bSO8--- 23542300x800000000000000027531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.398{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.7Qh2PI--- 23542300x800000000000000027532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.400{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.CawrRi--- 23542300x800000000000000027533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.401{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.9zL5SS--- 23542300x800000000000000027534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.403{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.Us1YUs--- 23542300x800000000000000027535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.404{ec2a2542-2973-6254-a036-7b0000000000}3193root/usr/bin/python3.6/tmp/fileutl.message.HH18W2--- 534500x800000000000000027536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.558{ec2a2542-2973-6254-a036-7b0000000000}3193/usr/bin/python3.6root 154100x800000000000000027537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.559{ec2a2542-2974-6254-88db-9eef8b550000}3197/bin/mv-----mv /var/lib/update-notifier/tmp.tnx9fYHh3K /var/lib/update-notifier/updates-available/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-6832-326391550000}3179/bin/dash/bin/shroot 154100x800000000000000027539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.561{ec2a2542-2974-6254-7083-eaa48d550000}3198/bin/rm-----rm -f /var/lib/update-notifier/tmp.tnx9fYHh3K/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2973-6254-6832-326391550000}3179/bin/dash/bin/shroot 534500x800000000000000027538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.561{ec2a2542-2974-6254-88db-9eef8b550000}3197/bin/mvroot 534500x800000000000000027542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.562{ec2a2542-2973-6254-6882-f63465550000}3177/bin/dashroot 534500x800000000000000027541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.562{ec2a2542-2973-6254-6832-326391550000}3179/bin/dashroot 534500x800000000000000027540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.562{ec2a2542-2974-6254-7083-eaa48d550000}3198/bin/rmroot 23542300x800000000000000027545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.563{ec2a2542-0ffd-6254-8063-961ac7550000}918root/lib/systemd/systemd-logind/run/systemd/inhibit/2.ref--- 23542300x800000000000000027544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.563{ec2a2542-0ffd-6254-8063-961ac7550000}918root/lib/systemd/systemd-logind/run/systemd/inhibit/2--- 534500x800000000000000027543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.563{ec2a2542-2973-6254-0000-000000000000}3176-root 154100x800000000000000027546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.564{ec2a2542-2974-6254-6842-441ef0550000}3200/bin/dash-----sh -c [ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-success || true/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}3199--- 154100x800000000000000027547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.566{ec2a2542-2974-6254-ea6e-c27fbf550000}3201/usr/lib/ubuntu-advantage/apt-esm-hook-----/usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-success/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2974-6254-6842-441ef0550000}3200/bin/dashshroot 534500x800000000000000027549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.569{ec2a2542-2974-6254-6842-441ef0550000}3200/bin/dashroot 534500x800000000000000027548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.569{ec2a2542-2974-6254-ea6e-c27fbf550000}3201/usr/lib/ubuntu-advantage/apt-esm-hookroot 534500x800000000000000027550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.570{ec2a2542-2974-6254-0000-000000000000}3199-root 154100x800000000000000027551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.571{ec2a2542-2974-6254-6822-95acbb550000}3202/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot 154100x800000000000000027559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.573{ec2a2542-2974-6254-e424-9dbd64550000}3203/snap/snapd/15177/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2974-6254-6822-95acbb550000}3202/bin/dash/bin/shroot 154100x800000000000000027552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.573{ec2a2542-2974-6254-70a8-8f24f7550000}3203/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2974-6254-6822-95acbb550000}3202/bin/dash/bin/shroot 534500x800000000000000027558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.586{ec2a2542-2974-6254-70a8-8f24f7550000}3203/usr/bin/snaproot 534500x800000000000000027557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.586{ec2a2542-2974-6254-70a8-8f24f7550000}3203/usr/bin/snaproot 534500x800000000000000027556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.586{ec2a2542-2974-6254-70a8-8f24f7550000}3203/usr/bin/snaproot 534500x800000000000000027555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.586{ec2a2542-2974-6254-70a8-8f24f7550000}3203/usr/bin/snaproot 534500x800000000000000027554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.586{ec2a2542-2974-6254-70a8-8f24f7550000}3203/usr/bin/snaproot 534500x800000000000000027553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.586{ec2a2542-2974-6254-70a8-8f24f7550000}3203/usr/bin/snaproot 534500x800000000000000027565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.607{ec2a2542-2974-6254-e424-9dbd64550000}3203/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.607{ec2a2542-2974-6254-e424-9dbd64550000}3203/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.607{ec2a2542-2974-6254-e424-9dbd64550000}3203/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.607{ec2a2542-2974-6254-e424-9dbd64550000}3203/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.607{ec2a2542-2974-6254-e424-9dbd64550000}3203/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.607{ec2a2542-2974-6254-70a8-8f24f7550000}3203/usr/bin/snaproot 534500x800000000000000027566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.608{ec2a2542-2974-6254-e424-9dbd64550000}3203/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.609{ec2a2542-2974-6254-6822-95acbb550000}3202/bin/dashroot 534500x800000000000000027568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.614{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getroot 154100x800000000000000027570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.615{ec2a2542-2974-6254-08ae-51bf4f560000}3216/usr/bin/sudo-----sudo apt-get install gcc-mipsel-linux-gnu -y/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{00000000-0000-0000-0000-000000000000}2766--- 534500x800000000000000027569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.615{ec2a2542-296b-6254-087e-8fa8c7550000}2767/usr/bin/sudoroot 354300x800000000000000027573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.619{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-39184-false10.0.0.2-53- 354300x800000000000000027572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.619{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-49790-false10.0.0.2-53- 354300x800000000000000027571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.619{ec2a2542-2974-6254-08ae-51bf4f560000}3216/usr/bin/sudoubuntuudptruefalse127.0.0.1-33241-false127.0.0.53-53- 354300x800000000000000027576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.620{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-56839- 354300x800000000000000027575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.620{ec2a2542-2974-6254-08ae-51bf4f560000}3216/usr/bin/sudoubuntuudptruefalse127.0.0.1-56839-false127.0.0.53-53- 354300x800000000000000027574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.620{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-33241- 154100x800000000000000027577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.623{ec2a2542-2974-6254-ccaf-4d0863550000}3217/usr/bin/apt-get-----apt-get install gcc-mipsel-linux-gnu -y/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2974-6254-08ae-51bf4f560000}3216/usr/bin/sudosudoubuntu 154100x800000000000000027578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.628{ec2a2542-2974-6254-70d1-4201a2550000}3218/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2974-6254-ccaf-4d0863550000}3217/usr/bin/apt-getapt-getroot 23542300x800000000000000027580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.631{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.LIPBPO--- 534500x800000000000000027579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.631{ec2a2542-2974-6254-70d1-4201a2550000}3218/usr/bin/dpkgroot 23542300x800000000000000027581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.642{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.U203vp--- 23542300x800000000000000027582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.648{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.Pjfsd0--- 23542300x800000000000000027583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.649{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.OOT5UA--- 23542300x800000000000000027584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.651{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.rbpZCb--- 23542300x800000000000000027585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.656{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.Y9rJlM--- 23542300x800000000000000027586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.657{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.f97I4m--- 23542300x800000000000000027587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.661{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.qyspOX--- 23542300x800000000000000027588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.663{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.T1rlyy--- 23542300x800000000000000027589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.664{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.wUxui9--- 23542300x800000000000000027590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.665{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.1OPQ2J--- 23542300x800000000000000027591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.667{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.ofnqNk--- 23542300x800000000000000027592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.668{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.xiScyV--- 23542300x800000000000000027593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.670{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.UTdhjw--- 23542300x800000000000000027594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.671{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.T1mB46--- 23542300x800000000000000027595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.673{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.qaXaQH--- 23542300x800000000000000027596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.674{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.LbV1Bi--- 154100x800000000000000027597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.675{ec2a2542-2974-6254-7091-ee4b2f560000}3219/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2974-6254-ccaf-4d0863550000}3217/usr/bin/apt-getapt-getroot 534500x800000000000000027598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:24.677{ec2a2542-2974-6254-7091-ee4b2f560000}3219/usr/bin/dpkgroot 154100x800000000000000027599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.118{ec2a2542-2975-6254-68f2-c2af21560000}3220/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2974-6254-ccaf-4d0863550000}3217/usr/bin/apt-getapt-getroot 154100x800000000000000027607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.119{ec2a2542-2975-6254-e434-dfd954560000}3221/snap/snapd/15177/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2975-6254-68f2-c2af21560000}3220/bin/dash/bin/shroot 154100x800000000000000027600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.119{ec2a2542-2975-6254-70b8-58690c560000}3221/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2975-6254-68f2-c2af21560000}3220/bin/dash/bin/shroot 534500x800000000000000027605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.133{ec2a2542-2975-6254-70b8-58690c560000}3221/usr/bin/snaproot 534500x800000000000000027604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.133{ec2a2542-2975-6254-70b8-58690c560000}3221/usr/bin/snaproot 534500x800000000000000027603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.133{ec2a2542-2975-6254-70b8-58690c560000}3221/usr/bin/snaproot 534500x800000000000000027602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.133{ec2a2542-2975-6254-70b8-58690c560000}3221/usr/bin/snaproot 534500x800000000000000027601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.133{ec2a2542-2975-6254-70b8-58690c560000}3221/usr/bin/snaproot 534500x800000000000000027606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.134{ec2a2542-2975-6254-70b8-58690c560000}3221/usr/bin/snaproot 534500x800000000000000027613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.157{ec2a2542-2975-6254-e434-dfd954560000}3221/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.157{ec2a2542-2975-6254-e434-dfd954560000}3221/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.157{ec2a2542-2975-6254-e434-dfd954560000}3221/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.157{ec2a2542-2975-6254-e434-dfd954560000}3221/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.157{ec2a2542-2975-6254-e434-dfd954560000}3221/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.157{ec2a2542-2975-6254-70b8-58690c560000}3221/usr/bin/snaproot 534500x800000000000000027615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.158{ec2a2542-2975-6254-68f2-c2af21560000}3220/bin/dashroot 534500x800000000000000027614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.158{ec2a2542-2975-6254-e434-dfd954560000}3221/snap/snapd/15177/usr/bin/snaproot 154100x800000000000000027616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.159{ec2a2542-2975-6254-68c2-8e1590550000}3235/bin/dash-----sh -c [ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke || true/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}3234--- 154100x800000000000000027617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.160{ec2a2542-2975-6254-eaee-89703f560000}3236/usr/lib/ubuntu-advantage/apt-esm-hook-----/usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2975-6254-68c2-8e1590550000}3235/bin/dashshroot 534500x800000000000000027620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.168{ec2a2542-2974-6254-0000-000000000000}3234-root 534500x800000000000000027619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.168{ec2a2542-2975-6254-68c2-8e1590550000}3235/bin/dashroot 534500x800000000000000027618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.168{ec2a2542-2975-6254-eaee-89703f560000}3236/usr/lib/ubuntu-advantage/apt-esm-hookroot 154100x800000000000000027621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.184{ec2a2542-2975-6254-b953-de107b550000}3237/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2974-6254-ccaf-4d0863550000}3217/usr/bin/apt-getapt-getroot 534500x800000000000000027622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.190{ec2a2542-2975-6254-b953-de107b550000}3237/usr/lib/apt/methods/httproot 154100x800000000000000027623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.218{ec2a2542-2975-6254-6882-a242f0550000}3238/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2974-6254-ccaf-4d0863550000}3217/usr/bin/apt-getapt-getroot 154100x800000000000000027631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.220{ec2a2542-2975-6254-e434-5cac98550000}3239/snap/snapd/15177/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2975-6254-6882-a242f0550000}3238/bin/dash/bin/shroot 154100x800000000000000027624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.220{ec2a2542-2975-6254-7068-8f553f560000}3239/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2975-6254-6882-a242f0550000}3238/bin/dash/bin/shroot 534500x800000000000000027630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.234{ec2a2542-2975-6254-7068-8f553f560000}3239/usr/bin/snaproot 534500x800000000000000027629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.234{ec2a2542-2975-6254-7068-8f553f560000}3239/usr/bin/snaproot 534500x800000000000000027628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.234{ec2a2542-2975-6254-7068-8f553f560000}3239/usr/bin/snaproot 534500x800000000000000027627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.234{ec2a2542-2975-6254-7068-8f553f560000}3239/usr/bin/snaproot 534500x800000000000000027626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.234{ec2a2542-2975-6254-7068-8f553f560000}3239/usr/bin/snaproot 534500x800000000000000027625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.234{ec2a2542-2975-6254-7068-8f553f560000}3239/usr/bin/snaproot 534500x800000000000000027638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.254{ec2a2542-2975-6254-e434-5cac98550000}3239/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.254{ec2a2542-2975-6254-e434-5cac98550000}3239/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.254{ec2a2542-2975-6254-e434-5cac98550000}3239/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.254{ec2a2542-2975-6254-e434-5cac98550000}3239/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.254{ec2a2542-2975-6254-e434-5cac98550000}3239/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.254{ec2a2542-2975-6254-e434-5cac98550000}3239/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.254{ec2a2542-2975-6254-7068-8f553f560000}3239/usr/bin/snaproot 534500x800000000000000027639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.255{ec2a2542-2975-6254-6882-a242f0550000}3238/bin/dashroot 154100x800000000000000027640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.261{ec2a2542-2975-6254-6802-9ccd26560000}3252/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2974-6254-ccaf-4d0863550000}3217/usr/bin/apt-getapt-getroot 154100x800000000000000027648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.262{ec2a2542-2975-6254-e444-27db7a550000}3253/snap/snapd/15177/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2975-6254-6802-9ccd26560000}3252/bin/dash/bin/shroot 154100x800000000000000027641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.262{ec2a2542-2975-6254-7048-b17f64550000}3253/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2975-6254-6802-9ccd26560000}3252/bin/dash/bin/shroot 534500x800000000000000027646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.280{ec2a2542-2975-6254-7048-b17f64550000}3253/usr/bin/snaproot 534500x800000000000000027644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.280{ec2a2542-2975-6254-7048-b17f64550000}3253/usr/bin/snaproot 534500x800000000000000027643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.280{ec2a2542-2975-6254-7048-b17f64550000}3253/usr/bin/snaproot 534500x800000000000000027642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.280{ec2a2542-2975-6254-7048-b17f64550000}3253/usr/bin/snaproot 534500x800000000000000027647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.281{ec2a2542-2975-6254-7048-b17f64550000}3253/usr/bin/snaproot 534500x800000000000000027645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.281{ec2a2542-2975-6254-7048-b17f64550000}3253/usr/bin/snaproot 534500x800000000000000027654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.304{ec2a2542-2975-6254-e444-27db7a550000}3253/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.304{ec2a2542-2975-6254-e444-27db7a550000}3253/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.304{ec2a2542-2975-6254-e444-27db7a550000}3253/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.304{ec2a2542-2975-6254-e444-27db7a550000}3253/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.304{ec2a2542-2975-6254-e444-27db7a550000}3253/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000027649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.304{ec2a2542-2975-6254-7048-b17f64550000}3253/usr/bin/snaproot 534500x800000000000000027656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.305{ec2a2542-2975-6254-6802-9ccd26560000}3252/bin/dashroot 534500x800000000000000027655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.305{ec2a2542-2975-6254-e444-27db7a550000}3253/snap/snapd/15177/usr/bin/snaproot 154100x800000000000000027670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.306{ec2a2542-2975-6254-b9c3-c5d4f0550000}3266/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2974-6254-ccaf-4d0863550000}3217/usr/bin/apt-getapt-getroot 23542300x800000000000000027669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.306{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.C1T72m--- 23542300x800000000000000027668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.306{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.dkEoyK--- 23542300x800000000000000027667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.306{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.M3HF37--- 23542300x800000000000000027666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.306{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.fa5Wyv--- 23542300x800000000000000027665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.306{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.qWJe4S--- 23542300x800000000000000027664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.306{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.vAIwzg--- 23542300x800000000000000027663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.306{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.OyZO4D--- 23542300x800000000000000027662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.306{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.bHz7z1--- 23542300x800000000000000027661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.306{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.A2qq5o--- 23542300x800000000000000027660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.306{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.38BJAM--- 23542300x800000000000000027659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.306{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.aD6259--- 23542300x800000000000000027658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.306{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.HHSmBx--- 23542300x800000000000000027657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.306{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.gL0G6U--- 354300x800000000000000027671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.314{ec2a2542-2975-6254-b9c3-c5d4f0550000}3266/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-41693-false127.0.0.53-53- 354300x800000000000000027675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.315{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-41115- 354300x800000000000000027674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.315{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-54472-false10.0.0.2-53- 354300x800000000000000027673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.315{ec2a2542-2975-6254-b9c3-c5d4f0550000}3266/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-41115-false127.0.0.53-53- 354300x800000000000000027672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.315{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-41693- 354300x800000000000000027676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.317{ec2a2542-2975-6254-b9c3-c5d4f0550000}3266/usr/lib/apt/methods/httproottcptruefalse10.0.1.20-43472-false52.15.158.54-80- 23542300x800000000000000027678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.796{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/var/log/apt/eipp.log.xz--- 534500x800000000000000027677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.796{ec2a2542-2975-6254-b9c3-c5d4f0550000}3266/usr/lib/apt/methods/http_apt 154100x800000000000000027679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.881{ec2a2542-2975-6254-68c2-714bcb550000}3267/bin/dash-----/bin/sh -c /usr/sbin/dpkg-preconfigure --apt || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2974-6254-ccaf-4d0863550000}3217/usr/bin/apt-getapt-getroot 154100x800000000000000027680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.882{ec2a2542-2975-6254-98d7-4a9d47560000}3268/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/dpkg-preconfigure --apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2975-6254-68c2-714bcb550000}3267/bin/dash/bin/shroot 154100x800000000000000027681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.917{ec2a2542-2975-6254-30b0-4e029f550000}3269/usr/bin/locale-----locale charmap/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2975-6254-98d7-4a9d47560000}3268/usr/bin/perl/usr/bin/perlroot 534500x800000000000000027682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.918{ec2a2542-2975-6254-30b0-4e029f550000}3269/usr/bin/localeroot 154100x800000000000000027683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.975{ec2a2542-2975-6254-6832-97dcb8550000}3270/bin/dash-----sh -c stty -a 2>/dev/null/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2975-6254-98d7-4a9d47560000}3268/usr/bin/perl/usr/bin/perlroot 154100x800000000000000027684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.976{ec2a2542-2975-6254-f02e-2b73b7550000}3271/bin/stty-----stty -a/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2975-6254-6832-97dcb8550000}3270/bin/dashshroot 154100x800000000000000027687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.977{ec2a2542-2975-6254-6862-952665550000}3272/bin/dash-----sh -c stty -a 2>/dev/null/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2975-6254-98d7-4a9d47560000}3268/usr/bin/perl/usr/bin/perlroot 534500x800000000000000027686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.977{ec2a2542-2975-6254-6832-97dcb8550000}3270/bin/dashroot 534500x800000000000000027685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.977{ec2a2542-2975-6254-f02e-2b73b7550000}3271/bin/sttyroot 154100x800000000000000027688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.978{ec2a2542-2975-6254-f09e-6ae1dc550000}3273/bin/stty-----stty -a/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2975-6254-6862-952665550000}3272/bin/dashshroot 534500x800000000000000027690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.980{ec2a2542-2975-6254-6862-952665550000}3272/bin/dashroot 534500x800000000000000027689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.980{ec2a2542-2975-6254-f09e-6ae1dc550000}3273/bin/sttyroot 154100x800000000000000027691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.981{ec2a2542-2975-6254-33f1-36d2e6550000}3275/usr/bin/apt-extracttemplates-----apt-extracttemplates /var/cache/apt/archives/gcc-7-mipsel-linux-gnu-base_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/cache/apt/archives/cpp-7-mipsel-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/cache/apt/archives/cpp-mipsel-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb /var/cache/apt/archives/binutils-mipsel-linux-gnu_2.30-21ubuntu1~18.04.7_amd64.deb /var/cache/apt/archives/libc6-mipsel-cross_2.27-3ubuntu1cross1.2_all.deb /var/cache/apt/archives/libgcc1-mipsel-cross_1%3a8.4.0-1ubuntu1~18.04cross1_all.deb /var/cache/apt/archives/libgomp1-mipsel-cross_8.4.0-1ubuntu1~18.04cross1_all.deb /var/cache/apt/archives/libatomic1-mipsel-cross_8.4.0-1ubuntu1~18.04cross1_all.deb /var/cache/apt/archives/libgcc-7-dev-mipsel-cross_7.5.0-3ubuntu1~18.04cross1_all.deb /var/cache/apt/archives/gcc-7-mipsel-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/cache/apt/archives/gcc-mipsel-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb /var/cache/apt/archives/linux-libc-dev-mipsel-cross_4.15.0-35.38cross1.2_all.deb /var/cache/apt/archives/libc6-dev-mipsel-cross_2.27-3ubuntu1cross1.2_all.deb/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}3274--- 154100x800000000000000027692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.989{ec2a2542-2975-6254-7091-21fcad550000}3276/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2975-6254-33f1-36d2e6550000}3275/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 23542300x800000000000000027694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.991{ec2a2542-2975-6254-33f1-36d2e6550000}3275root/usr/bin/apt-extracttemplates/tmp/fileutl.message.YUUzki--- 534500x800000000000000027693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.991{ec2a2542-2975-6254-7091-21fcad550000}3276/usr/bin/dpkgroot 23542300x800000000000000027695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:25.997{ec2a2542-2975-6254-33f1-36d2e6550000}3275root/usr/bin/apt-extracttemplates/tmp/fileutl.message.HO48HW--- 23542300x800000000000000027696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.002{ec2a2542-2975-6254-33f1-36d2e6550000}3275root/usr/bin/apt-extracttemplates/tmp/fileutl.message.sYxz6A--- 23542300x800000000000000027697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.004{ec2a2542-2975-6254-33f1-36d2e6550000}3275root/usr/bin/apt-extracttemplates/tmp/fileutl.message.Tw3lvf--- 23542300x800000000000000027698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.005{ec2a2542-2975-6254-33f1-36d2e6550000}3275root/usr/bin/apt-extracttemplates/tmp/fileutl.message.M7zpUT--- 23542300x800000000000000027699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.010{ec2a2542-2975-6254-33f1-36d2e6550000}3275root/usr/bin/apt-extracttemplates/tmp/fileutl.message.3W1eky--- 23542300x800000000000000027700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.012{ec2a2542-2975-6254-33f1-36d2e6550000}3275root/usr/bin/apt-extracttemplates/tmp/fileutl.message.KsIqKc--- 23542300x800000000000000027701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.017{ec2a2542-2975-6254-33f1-36d2e6550000}3275root/usr/bin/apt-extracttemplates/tmp/fileutl.message.Z9AobR--- 23542300x800000000000000027702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.018{ec2a2542-2975-6254-33f1-36d2e6550000}3275root/usr/bin/apt-extracttemplates/tmp/fileutl.message.GQ0BCv--- 23542300x800000000000000027703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.020{ec2a2542-2975-6254-33f1-36d2e6550000}3275root/usr/bin/apt-extracttemplates/tmp/fileutl.message.Pfja49--- 23542300x800000000000000027704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.021{ec2a2542-2975-6254-33f1-36d2e6550000}3275root/usr/bin/apt-extracttemplates/tmp/fileutl.message.EUdWvO--- 23542300x800000000000000027705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.023{ec2a2542-2975-6254-33f1-36d2e6550000}3275root/usr/bin/apt-extracttemplates/tmp/fileutl.message.nJD2Xs--- 23542300x800000000000000027706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.025{ec2a2542-2975-6254-33f1-36d2e6550000}3275root/usr/bin/apt-extracttemplates/tmp/fileutl.message.0b6qq7--- 23542300x800000000000000027707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.027{ec2a2542-2975-6254-33f1-36d2e6550000}3275root/usr/bin/apt-extracttemplates/tmp/fileutl.message.dn9aTL--- 23542300x800000000000000027708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.029{ec2a2542-2975-6254-33f1-36d2e6550000}3275root/usr/bin/apt-extracttemplates/tmp/fileutl.message.Euccmq--- 23542300x800000000000000027709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.031{ec2a2542-2975-6254-33f1-36d2e6550000}3275root/usr/bin/apt-extracttemplates/tmp/fileutl.message.1vpxP4--- 23542300x800000000000000027710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.033{ec2a2542-2975-6254-33f1-36d2e6550000}3275root/usr/bin/apt-extracttemplates/tmp/fileutl.message.mTudjJ--- 154100x800000000000000027711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.034{ec2a2542-2976-6254-7081-d73943560000}3277/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2975-6254-33f1-36d2e6550000}3275/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 534500x800000000000000027712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.036{ec2a2542-2976-6254-7081-d73943560000}3277/usr/bin/dpkgroot 154100x800000000000000027713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.064{ec2a2542-2976-6254-70e1-d112af550000}3278/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2975-6254-33f1-36d2e6550000}3275/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 534500x800000000000000027714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.067{ec2a2542-2976-6254-70e1-d112af550000}3278/usr/bin/dpkgroot 534500x800000000000000027715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.104{ec2a2542-2975-6254-33f1-36d2e6550000}3275/usr/bin/apt-extracttemplatesroot 534500x800000000000000027716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.116{ec2a2542-2975-6254-0000-000000000000}3274-root 534500x800000000000000027718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.122{ec2a2542-2975-6254-68c2-714bcb550000}3267/bin/dashroot 534500x800000000000000027717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.122{ec2a2542-2975-6254-98d7-4a9d47560000}3268/usr/bin/perlroot 154100x800000000000000027719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.157{ec2a2542-2976-6254-70a1-239020560000}3279/usr/bin/dpkg-----/usr/bin/dpkg --assert-multi-arch/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2974-6254-ccaf-4d0863550000}3217/usr/bin/apt-getapt-getroot 534500x800000000000000027720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.167{ec2a2542-2976-6254-70a1-239020560000}3279/usr/bin/dpkgroot 154100x800000000000000027721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.174{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg-----/usr/bin/dpkg --status-fd 43 --no-triggers --unpack --auto-deconfigure --recursive /tmp/apt-dpkg-install-UoEDCG/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2974-6254-ccaf-4d0863550000}3217/usr/bin/apt-getapt-getroot 154100x800000000000000027722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.188{ec2a2542-2976-6254-d85f-470acf550000}3281/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-UoEDCG/00-gcc-7-mipsel-linux-gnu-base_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.189{ec2a2542-2976-6254-d85f-470acf550000}3281/usr/bin/dpkg-splitroot 154100x800000000000000027724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.190{ec2a2542-2976-6254-408a-90e8c0550000}3282/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-UoEDCG/00-gcc-7-mipsel-linux-gnu-base_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.194{ec2a2542-2976-6254-b003-2843d3550000}3285/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-408a-90e8c0550000}3282/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.194{ec2a2542-2976-6254-0000-000000000000}3283-root 534500x800000000000000027727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.195{ec2a2542-2976-6254-0000-000000000000}3284-root 534500x800000000000000027728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.196{ec2a2542-2976-6254-b003-2843d3550000}3285/bin/tarroot 534500x800000000000000027729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.197{ec2a2542-2976-6254-408a-90e8c0550000}3282/usr/bin/dpkg-debroot 154100x800000000000000027730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.256{ec2a2542-2976-6254-404a-1ae0f8550000}3286/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-UoEDCG/00-gcc-7-mipsel-linux-gnu-base_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.258{ec2a2542-2976-6254-0000-000000000000}3287-root 534500x800000000000000027733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.261{ec2a2542-2976-6254-404a-1ae0f8550000}3286/usr/bin/dpkg-debroot 534500x800000000000000027732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.261{00000000-0000-0000-0000-000000000000}3288<unknown process>root 154100x800000000000000027734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.280{ec2a2542-2976-6254-7043-d3f133560000}3289/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.284{ec2a2542-2976-6254-7043-d3f133560000}3289/bin/rmroot 23542300x800000000000000027735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.284{ec2a2542-2976-6254-7043-d3f133560000}3289root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000027737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.285{ec2a2542-2976-6254-d80f-c25a73550000}3290/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-UoEDCG/01-cpp-7-mipsel-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.286{ec2a2542-2976-6254-d80f-c25a73550000}3290/usr/bin/dpkg-splitroot 154100x800000000000000027739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.287{ec2a2542-2976-6254-406a-5a1f3b560000}3291/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-UoEDCG/01-cpp-7-mipsel-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.288{ec2a2542-2976-6254-b0a3-711287550000}3294/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-406a-5a1f3b560000}3291/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.288{ec2a2542-2976-6254-0000-000000000000}3292-root 534500x800000000000000027742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.296{ec2a2542-2976-6254-0000-000000000000}3293-root 534500x800000000000000027744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.297{ec2a2542-2976-6254-406a-5a1f3b560000}3291/usr/bin/dpkg-debroot 534500x800000000000000027743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.297{ec2a2542-2976-6254-b0a3-711287550000}3294/bin/tarroot 154100x800000000000000027745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.318{ec2a2542-2976-6254-68d2-2d5886550000}3295/bin/dash-----/bin/sh /var/lib/dpkg/tmp.ci/preinst install/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.319{ec2a2542-2976-6254-403a-c2eca4550000}3296/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-UoEDCG/01-cpp-7-mipsel-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:26.319{ec2a2542-2976-6254-68d2-2d5886550000}3295/bin/dashroot 534500x800000000000000027748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.001{ec2a2542-2976-6254-0000-000000000000}3297-root 534500x800000000000000027749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.008{00000000-0000-0000-0000-000000000000}3298<unknown process>root 534500x800000000000000027750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.009{ec2a2542-2976-6254-403a-c2eca4550000}3296/usr/bin/dpkg-debroot 154100x800000000000000027751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.160{ec2a2542-2977-6254-7053-34c0dd550000}3299/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.162{ec2a2542-2977-6254-d85f-83761b560000}3300/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-UoEDCG/02-cpp-mipsel-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.162{ec2a2542-2977-6254-7053-34c0dd550000}3299/bin/rmroot 23542300x800000000000000027752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.162{ec2a2542-2977-6254-7053-34c0dd550000}3299root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000027755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.163{ec2a2542-2977-6254-d85f-83761b560000}3300/usr/bin/dpkg-splitroot 154100x800000000000000027756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.164{ec2a2542-2977-6254-40fa-f859ff550000}3301/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-UoEDCG/02-cpp-mipsel-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.165{ec2a2542-2977-6254-b083-69d329560000}3304/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2977-6254-40fa-f859ff550000}3301/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.166{ec2a2542-2977-6254-0000-000000000000}3303-root 534500x800000000000000027757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.166{ec2a2542-2977-6254-0000-000000000000}3302-root 534500x800000000000000027761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.168{ec2a2542-2977-6254-40fa-f859ff550000}3301/usr/bin/dpkg-debroot 534500x800000000000000027760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.168{ec2a2542-2977-6254-b083-69d329560000}3304/bin/tarroot 154100x800000000000000027762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.183{ec2a2542-2977-6254-40ea-5c17b9550000}3305/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-UoEDCG/02-cpp-mipsel-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.184{ec2a2542-2977-6254-0000-000000000000}3306-root 534500x800000000000000027765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.187{ec2a2542-2977-6254-40ea-5c17b9550000}3305/usr/bin/dpkg-debroot 534500x800000000000000027764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.187{ec2a2542-2977-6254-0000-000000000000}3307-root 154100x800000000000000027766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.203{ec2a2542-2977-6254-7063-dafa82550000}3308/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.206{ec2a2542-2977-6254-d85f-2c64d9550000}3309/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-UoEDCG/03-binutils-mipsel-linux-gnu_2.30-21ubuntu1~18.04.7_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.206{ec2a2542-2977-6254-7063-dafa82550000}3308/bin/rmroot 23542300x800000000000000027767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.206{ec2a2542-2977-6254-7063-dafa82550000}3308root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000027770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.208{ec2a2542-2977-6254-d85f-2c64d9550000}3309/usr/bin/dpkg-splitroot 154100x800000000000000027771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.209{ec2a2542-2977-6254-404a-ace09b550000}3310/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-UoEDCG/03-binutils-mipsel-linux-gnu_2.30-21ubuntu1~18.04.7_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.210{ec2a2542-2977-6254-b0e3-fd6eb7550000}3313/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2977-6254-404a-ace09b550000}3310/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.210{ec2a2542-2977-6254-0000-000000000000}3311-root 534500x800000000000000027773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.211{ec2a2542-2977-6254-0000-000000000000}3312-root 534500x800000000000000027775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.217{ec2a2542-2977-6254-b0e3-fd6eb7550000}3313/bin/tarroot 534500x800000000000000027776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.218{ec2a2542-2977-6254-404a-ace09b550000}3310/usr/bin/dpkg-debroot 154100x800000000000000027777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.237{ec2a2542-2977-6254-401a-12eebc550000}3314/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-UoEDCG/03-binutils-mipsel-linux-gnu_2.30-21ubuntu1~18.04.7_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.558{ec2a2542-2977-6254-0000-000000000000}3315-root 534500x800000000000000027780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.565{ec2a2542-2977-6254-401a-12eebc550000}3314/usr/bin/dpkg-debroot 534500x800000000000000027779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.565{00000000-0000-0000-0000-000000000000}3316<unknown process>root 154100x800000000000000027781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.613{ec2a2542-2977-6254-7023-bc29b6550000}3317/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000027782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.615{ec2a2542-2977-6254-7023-bc29b6550000}3317root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000027784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.616{ec2a2542-2977-6254-d89f-62dab0550000}3318/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-UoEDCG/04-libc6-mipsel-cross_2.27-3ubuntu1cross1.2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.616{ec2a2542-2977-6254-7023-bc29b6550000}3317/bin/rmroot 154100x800000000000000027786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.617{ec2a2542-2977-6254-405a-f6d680550000}3319/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-UoEDCG/04-libc6-mipsel-cross_2.27-3ubuntu1cross1.2_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.617{ec2a2542-2977-6254-d89f-62dab0550000}3318/usr/bin/dpkg-splitroot 154100x800000000000000027788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.619{ec2a2542-2977-6254-b0f3-a46798550000}3322/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2977-6254-405a-f6d680550000}3319/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.619{ec2a2542-2977-6254-0000-000000000000}3320-root 534500x800000000000000027789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.620{ec2a2542-2977-6254-0000-000000000000}3321-root 534500x800000000000000027790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.622{ec2a2542-2977-6254-b0f3-a46798550000}3322/bin/tarroot 534500x800000000000000027791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.623{ec2a2542-2977-6254-405a-f6d680550000}3319/usr/bin/dpkg-debroot 154100x800000000000000027792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.640{ec2a2542-2977-6254-408a-66f947560000}3323/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-UoEDCG/04-libc6-mipsel-cross_2.27-3ubuntu1cross1.2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 354300x800000000000000027793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.720{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54740-false10.0.1.12-8000- 534500x800000000000000027794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.760{ec2a2542-2977-6254-0000-000000000000}3324-root 534500x800000000000000027796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.775{ec2a2542-2977-6254-408a-66f947560000}3323/usr/bin/dpkg-debroot 534500x800000000000000027795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.775{00000000-0000-0000-0000-000000000000}3325<unknown process>root 154100x800000000000000027797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.796{ec2a2542-2977-6254-70d3-fc1412560000}3326/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000027798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.797{ec2a2542-2977-6254-70d3-fc1412560000}3326root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000027800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.799{ec2a2542-2977-6254-d8ef-24794d560000}3327/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-UoEDCG/05-libgcc1-mipsel-cross_1%3a8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.799{ec2a2542-2977-6254-70d3-fc1412560000}3326/bin/rmroot 154100x800000000000000027802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.801{ec2a2542-2977-6254-40fa-e39c21560000}3328/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-UoEDCG/05-libgcc1-mipsel-cross_1%3a8.4.0-1ubuntu1~18.04cross1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.801{ec2a2542-2977-6254-d8ef-24794d560000}3327/usr/bin/dpkg-splitroot 154100x800000000000000027804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.803{ec2a2542-2977-6254-b033-c08523560000}3331/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2977-6254-40fa-e39c21560000}3328/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.803{ec2a2542-2977-6254-0000-000000000000}3329-root 534500x800000000000000027805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.804{ec2a2542-2977-6254-0000-000000000000}3330-root 534500x800000000000000027807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.806{ec2a2542-2977-6254-40fa-e39c21560000}3328/usr/bin/dpkg-debroot 534500x800000000000000027806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.806{ec2a2542-2977-6254-b033-c08523560000}3331/bin/tarroot 154100x800000000000000027808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.826{ec2a2542-2977-6254-400a-336ee7550000}3332/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-UoEDCG/05-libgcc1-mipsel-cross_1%3a8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.828{ec2a2542-2977-6254-0000-000000000000}3333-root 534500x800000000000000027811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.834{ec2a2542-2977-6254-400a-336ee7550000}3332/usr/bin/dpkg-debroot 534500x800000000000000027810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.834{00000000-0000-0000-0000-000000000000}3334<unknown process>root 154100x800000000000000027812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.853{ec2a2542-2977-6254-70b3-ff0133560000}3335/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.854{ec2a2542-2977-6254-d8bf-b21203560000}3336/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-UoEDCG/06-libgomp1-mipsel-cross_8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.854{ec2a2542-2977-6254-70b3-ff0133560000}3335/bin/rmroot 23542300x800000000000000027813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.854{ec2a2542-2977-6254-70b3-ff0133560000}3335root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000027817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.856{ec2a2542-2977-6254-409a-ab4d98550000}3337/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-UoEDCG/06-libgomp1-mipsel-cross_8.4.0-1ubuntu1~18.04cross1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.856{ec2a2542-2977-6254-d8bf-b21203560000}3336/usr/bin/dpkg-splitroot 154100x800000000000000027819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.860{ec2a2542-2977-6254-b0c3-e1694d560000}3340/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2977-6254-409a-ab4d98550000}3337/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.860{ec2a2542-2977-6254-0000-000000000000}3338-root 534500x800000000000000027820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.861{ec2a2542-2977-6254-0000-000000000000}3339-root 534500x800000000000000027822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.863{ec2a2542-2977-6254-409a-ab4d98550000}3337/usr/bin/dpkg-debroot 534500x800000000000000027821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.863{ec2a2542-2977-6254-b0c3-e1694d560000}3340/bin/tarroot 154100x800000000000000027823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.884{ec2a2542-2977-6254-406a-92d4ff550000}3341/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-UoEDCG/06-libgomp1-mipsel-cross_8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.888{ec2a2542-2977-6254-0000-000000000000}3342-root 534500x800000000000000027826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.894{ec2a2542-2977-6254-406a-92d4ff550000}3341/usr/bin/dpkg-debroot 534500x800000000000000027825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.894{00000000-0000-0000-0000-000000000000}3343<unknown process>root 154100x800000000000000027827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.912{ec2a2542-2977-6254-7053-99f195550000}3344/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.913{ec2a2542-2977-6254-d8df-b69b98550000}3345/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-UoEDCG/07-libatomic1-mipsel-cross_8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.913{ec2a2542-2977-6254-7053-99f195550000}3344/bin/rmroot 23542300x800000000000000027828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.913{ec2a2542-2977-6254-7053-99f195550000}3344root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000027832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.915{ec2a2542-2977-6254-406a-d739ca550000}3346/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-UoEDCG/07-libatomic1-mipsel-cross_8.4.0-1ubuntu1~18.04cross1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.915{ec2a2542-2977-6254-d8df-b69b98550000}3345/usr/bin/dpkg-splitroot 154100x800000000000000027834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.916{ec2a2542-2977-6254-b033-61b9d7550000}3349/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2977-6254-406a-d739ca550000}3346/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.917{ec2a2542-2977-6254-0000-000000000000}3348-root 534500x800000000000000027833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.917{ec2a2542-2977-6254-0000-000000000000}3347-root 534500x800000000000000027836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.919{ec2a2542-2977-6254-b033-61b9d7550000}3349/bin/tarroot 534500x800000000000000027837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.920{ec2a2542-2977-6254-406a-d739ca550000}3346/usr/bin/dpkg-debroot 154100x800000000000000027838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.935{ec2a2542-2977-6254-404a-2208c5550000}3350/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-UoEDCG/07-libatomic1-mipsel-cross_8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.937{ec2a2542-2977-6254-0000-000000000000}3351-root 534500x800000000000000027841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.938{ec2a2542-2977-6254-404a-2208c5550000}3350/usr/bin/dpkg-debroot 534500x800000000000000027840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.938{00000000-0000-0000-0000-000000000000}3352<unknown process>root 154100x800000000000000027842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.957{ec2a2542-2977-6254-7083-8d1ff4550000}3353/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.959{ec2a2542-2977-6254-d89f-c58e72550000}3354/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-UoEDCG/08-libgcc-7-dev-mipsel-cross_7.5.0-3ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.959{ec2a2542-2977-6254-7083-8d1ff4550000}3353/bin/rmroot 23542300x800000000000000027843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.959{ec2a2542-2977-6254-7083-8d1ff4550000}3353root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000027847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.961{ec2a2542-2977-6254-404a-835c15560000}3355/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-UoEDCG/08-libgcc-7-dev-mipsel-cross_7.5.0-3ubuntu1~18.04cross1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.961{ec2a2542-2977-6254-d89f-c58e72550000}3354/usr/bin/dpkg-splitroot 154100x800000000000000027849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.963{ec2a2542-2977-6254-b003-da4863550000}3358/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2977-6254-404a-835c15560000}3355/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.963{ec2a2542-2977-6254-0000-000000000000}3356-root 534500x800000000000000027850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.964{ec2a2542-2977-6254-0000-000000000000}3357-root 534500x800000000000000027852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.965{ec2a2542-2977-6254-404a-835c15560000}3355/usr/bin/dpkg-debroot 534500x800000000000000027851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.965{ec2a2542-2977-6254-b003-da4863550000}3358/bin/tarroot 154100x800000000000000027853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:27.981{ec2a2542-2977-6254-40aa-01d082550000}3359/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-UoEDCG/08-libgcc-7-dev-mipsel-cross_7.5.0-3ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.015{ec2a2542-2977-6254-0000-000000000000}3360-root 534500x800000000000000027856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.024{ec2a2542-2977-6254-40aa-01d082550000}3359/usr/bin/dpkg-debroot 534500x800000000000000027855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.024{00000000-0000-0000-0000-000000000000}3361<unknown process>root 154100x800000000000000027857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.075{ec2a2542-2978-6254-7023-fea229560000}3362/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.076{ec2a2542-2978-6254-d8bf-ef0593550000}3363/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-UoEDCG/09-gcc-7-mipsel-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.076{ec2a2542-2978-6254-7023-fea229560000}3362/bin/rmroot 23542300x800000000000000027858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.076{ec2a2542-2978-6254-7023-fea229560000}3362root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000027862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.078{ec2a2542-2978-6254-408a-070adc550000}3364/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-UoEDCG/09-gcc-7-mipsel-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.078{ec2a2542-2978-6254-d8bf-ef0593550000}3363/usr/bin/dpkg-splitroot 154100x800000000000000027864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.080{ec2a2542-2978-6254-b0a3-e68954560000}3367/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2978-6254-408a-070adc550000}3364/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.081{ec2a2542-2978-6254-0000-000000000000}3366-root 534500x800000000000000027863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.081{ec2a2542-2978-6254-0000-000000000000}3365-root 534500x800000000000000027866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.084{ec2a2542-2978-6254-b0a3-e68954560000}3367/bin/tarroot 534500x800000000000000027867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.086{ec2a2542-2978-6254-408a-070adc550000}3364/usr/bin/dpkg-debroot 154100x800000000000000027868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.105{ec2a2542-2978-6254-68e2-d33dfa550000}3368/bin/dash-----/bin/sh /var/lib/dpkg/tmp.ci/preinst install/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.106{ec2a2542-2978-6254-400a-668d4e560000}3369/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-UoEDCG/09-gcc-7-mipsel-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.106{ec2a2542-2978-6254-68e2-d33dfa550000}3368/bin/dashroot 534500x800000000000000027871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.777{ec2a2542-2978-6254-0000-000000000000}3370-root 534500x800000000000000027873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.782{ec2a2542-2978-6254-400a-668d4e560000}3369/usr/bin/dpkg-debroot 534500x800000000000000027872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.782{00000000-0000-0000-0000-000000000000}3371<unknown process>root 154100x800000000000000027874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.808{ec2a2542-2978-6254-7063-0400ca550000}3372/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000027875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.809{ec2a2542-2978-6254-7063-0400ca550000}3372root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000027877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.810{ec2a2542-2978-6254-d89f-29bc09560000}3373/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-UoEDCG/10-gcc-mipsel-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.810{ec2a2542-2978-6254-7063-0400ca550000}3372/bin/rmroot 154100x800000000000000027879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.811{ec2a2542-2978-6254-408a-8cfacb550000}3374/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-UoEDCG/10-gcc-mipsel-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.811{ec2a2542-2978-6254-d89f-29bc09560000}3373/usr/bin/dpkg-splitroot 154100x800000000000000027881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.813{ec2a2542-2978-6254-b0f3-588321560000}3377/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2978-6254-408a-8cfacb550000}3374/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.813{ec2a2542-2978-6254-0000-000000000000}3375-root 534500x800000000000000027882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.814{ec2a2542-2978-6254-0000-000000000000}3376-root 534500x800000000000000027883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.816{ec2a2542-2978-6254-b0f3-588321560000}3377/bin/tarroot 534500x800000000000000027884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.820{ec2a2542-2978-6254-408a-8cfacb550000}3374/usr/bin/dpkg-debroot 154100x800000000000000027885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.834{ec2a2542-2978-6254-405a-9d6bdc550000}3378/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-UoEDCG/10-gcc-mipsel-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.836{ec2a2542-2978-6254-0000-000000000000}3379-root 534500x800000000000000027888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.837{ec2a2542-2978-6254-405a-9d6bdc550000}3378/usr/bin/dpkg-debroot 534500x800000000000000027887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.837{00000000-0000-0000-0000-000000000000}3380<unknown process>root 154100x800000000000000027889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.857{ec2a2542-2978-6254-7053-55087b550000}3381/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.859{ec2a2542-2978-6254-d8df-3e32ac550000}3382/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-UoEDCG/11-linux-libc-dev-mipsel-cross_4.15.0-35.38cross1.2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.859{ec2a2542-2978-6254-7053-55087b550000}3381/bin/rmroot 23542300x800000000000000027890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.859{ec2a2542-2978-6254-7053-55087b550000}3381root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000027894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.861{ec2a2542-2978-6254-40fa-b4d55b550000}3383/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-UoEDCG/11-linux-libc-dev-mipsel-cross_4.15.0-35.38cross1.2_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.861{ec2a2542-2978-6254-d8df-3e32ac550000}3382/usr/bin/dpkg-splitroot 154100x800000000000000027896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.863{ec2a2542-2978-6254-b0e3-5e392b560000}3386/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2978-6254-40fa-b4d55b550000}3383/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.863{ec2a2542-2978-6254-0000-000000000000}3384-root 534500x800000000000000027897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.866{ec2a2542-2978-6254-0000-000000000000}3385-root 534500x800000000000000027899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.867{ec2a2542-2978-6254-40fa-b4d55b550000}3383/usr/bin/dpkg-debroot 534500x800000000000000027898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.867{ec2a2542-2978-6254-b0e3-5e392b560000}3386/bin/tarroot 154100x800000000000000027900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:28.905{ec2a2542-2978-6254-40fa-ac04ca550000}3387/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-UoEDCG/11-linux-libc-dev-mipsel-cross_4.15.0-35.38cross1.2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.236{ec2a2542-2978-6254-0000-000000000000}3388-root 534500x800000000000000027903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.248{ec2a2542-2978-6254-40fa-ac04ca550000}3387/usr/bin/dpkg-debroot 534500x800000000000000027902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.248{00000000-0000-0000-0000-000000000000}3389<unknown process>root 154100x800000000000000027904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.299{ec2a2542-2979-6254-70f3-205658550000}3390/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000027905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.300{ec2a2542-2979-6254-70f3-205658550000}3390root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000027907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.301{ec2a2542-2979-6254-d84f-7cc955550000}3391/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-UoEDCG/12-libc6-dev-mipsel-cross_2.27-3ubuntu1cross1.2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.301{ec2a2542-2979-6254-70f3-205658550000}3390/bin/rmroot 534500x800000000000000027908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.302{ec2a2542-2979-6254-d84f-7cc955550000}3391/usr/bin/dpkg-splitroot 154100x800000000000000027909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.303{ec2a2542-2979-6254-40fa-ccac59550000}3392/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-UoEDCG/12-libc6-dev-mipsel-cross_2.27-3ubuntu1cross1.2_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.304{ec2a2542-2979-6254-b033-691196550000}3395/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2979-6254-40fa-ccac59550000}3392/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000027910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.304{ec2a2542-2979-6254-0000-000000000000}3393-root 534500x800000000000000027912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.307{ec2a2542-2979-6254-0000-000000000000}3394-root 534500x800000000000000027913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.308{ec2a2542-2979-6254-b033-691196550000}3395/bin/tarroot 534500x800000000000000027914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.309{ec2a2542-2979-6254-40fa-ccac59550000}3392/usr/bin/dpkg-debroot 154100x800000000000000027915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.326{ec2a2542-2979-6254-400a-fe507f550000}3396/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-UoEDCG/12-libc6-dev-mipsel-cross_2.27-3ubuntu1cross1.2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.679{ec2a2542-2979-6254-0000-000000000000}3397-root 534500x800000000000000027918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.690{ec2a2542-2979-6254-400a-fe507f550000}3396/usr/bin/dpkg-debroot 534500x800000000000000027917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.690{00000000-0000-0000-0000-000000000000}3398<unknown process>root 154100x800000000000000027919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.744{ec2a2542-2979-6254-7003-752763550000}3399/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000027921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.746{ec2a2542-2979-6254-7003-752763550000}3399/bin/rmroot 23542300x800000000000000027920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.746{ec2a2542-2979-6254-7003-752763550000}3399root/bin/rm/var/lib/dpkg/tmp.ci/control--- 23542300x800000000000000027922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.753{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/status-old--- 23542300x800000000000000027934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.755{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0011--- 23542300x800000000000000027933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.755{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0010--- 23542300x800000000000000027932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.755{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0009--- 23542300x800000000000000027931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.755{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0008--- 23542300x800000000000000027930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.755{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0007--- 23542300x800000000000000027929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.755{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0006--- 23542300x800000000000000027928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.755{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0005--- 23542300x800000000000000027927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.755{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0004--- 23542300x800000000000000027926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.755{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0003--- 23542300x800000000000000027925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.755{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0002--- 23542300x800000000000000027924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.755{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0001--- 23542300x800000000000000027923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.755{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0000--- 23542300x800000000000000027963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0040--- 23542300x800000000000000027962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0039--- 23542300x800000000000000027961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0038--- 23542300x800000000000000027960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0037--- 23542300x800000000000000027959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0036--- 23542300x800000000000000027958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0035--- 23542300x800000000000000027957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0034--- 23542300x800000000000000027956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0033--- 23542300x800000000000000027955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0032--- 23542300x800000000000000027954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0031--- 23542300x800000000000000027953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0030--- 23542300x800000000000000027952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0029--- 23542300x800000000000000027951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0028--- 23542300x800000000000000027950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0027--- 23542300x800000000000000027949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0026--- 23542300x800000000000000027948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0025--- 23542300x800000000000000027947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0024--- 23542300x800000000000000027946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0023--- 23542300x800000000000000027945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0022--- 23542300x800000000000000027944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0021--- 23542300x800000000000000027943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0020--- 23542300x800000000000000027942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0019--- 23542300x800000000000000027941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0018--- 23542300x800000000000000027940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0017--- 23542300x800000000000000027939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0016--- 23542300x800000000000000027938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0015--- 23542300x800000000000000027937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0014--- 23542300x800000000000000027936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0013--- 23542300x800000000000000027935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.756{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/0012--- 23542300x800000000000000027964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.759{ec2a2542-2976-6254-7061-3eb7bf550000}3280root/usr/bin/dpkg/var/lib/dpkg/updates/tmp.i--- 534500x800000000000000027965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.761{ec2a2542-2976-6254-7061-3eb7bf550000}3280/usr/bin/dpkgroot 23542300x800000000000000027977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.763{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/apt-dpkg-install-UoEDCG/05-libgcc1-mipsel-cross_1%3a8.4.0-1ubuntu1~18.04cross1_all.deb--- 23542300x800000000000000027976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.763{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/apt-dpkg-install-UoEDCG/03-binutils-mipsel-linux-gnu_2.30-21ubuntu1~18.04.7_amd64.deb--- 23542300x800000000000000027975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.763{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/apt-dpkg-install-UoEDCG/09-gcc-7-mipsel-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb--- 23542300x800000000000000027974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.763{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/apt-dpkg-install-UoEDCG/02-cpp-mipsel-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb--- 23542300x800000000000000027973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.763{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/apt-dpkg-install-UoEDCG/06-libgomp1-mipsel-cross_8.4.0-1ubuntu1~18.04cross1_all.deb--- 23542300x800000000000000027972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.763{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/apt-dpkg-install-UoEDCG/10-gcc-mipsel-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb--- 23542300x800000000000000027971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.763{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/apt-dpkg-install-UoEDCG/07-libatomic1-mipsel-cross_8.4.0-1ubuntu1~18.04cross1_all.deb--- 23542300x800000000000000027970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.763{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/apt-dpkg-install-UoEDCG/04-libc6-mipsel-cross_2.27-3ubuntu1cross1.2_all.deb--- 23542300x800000000000000027969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.763{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/apt-dpkg-install-UoEDCG/11-linux-libc-dev-mipsel-cross_4.15.0-35.38cross1.2_all.deb--- 23542300x800000000000000027968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.763{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/apt-dpkg-install-UoEDCG/00-gcc-7-mipsel-linux-gnu-base_7.5.0-3ubuntu1~18.04cross1_amd64.deb--- 23542300x800000000000000027967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.763{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/apt-dpkg-install-UoEDCG/01-cpp-7-mipsel-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb--- 23542300x800000000000000027966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.763{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/apt-dpkg-install-UoEDCG/08-libgcc-7-dev-mipsel-cross_7.5.0-3ubuntu1~18.04cross1_all.deb--- 154100x800000000000000027979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.764{ec2a2542-2979-6254-7021-5be5cd550000}3400/usr/bin/dpkg-----/usr/bin/dpkg --status-fd 43 --configure --pending/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2974-6254-ccaf-4d0863550000}3217/usr/bin/apt-getapt-getroot 23542300x800000000000000027978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.764{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/apt-dpkg-install-UoEDCG/12-libc6-dev-mipsel-cross_2.27-3ubuntu1cross1.2_all.deb--- 154100x800000000000000027980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.938{ec2a2542-2979-6254-6832-b9a05f550000}3401/bin/dash-----/bin/sh /var/lib/dpkg/info/libc-bin.postinst triggered ldconfig/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2979-6254-7021-5be5cd550000}3400/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.940{ec2a2542-2979-6254-b8a1-ecb6887f0000}3402/sbin/ldconfig.real-----/sbin/ldconfig.real/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2979-6254-6832-b9a05f550000}3401/bin/dash/bin/shroot 154100x800000000000000027981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.940{ec2a2542-2979-6254-68b2-554fef550000}3402/bin/dash-----/bin/sh /sbin/ldconfig/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2979-6254-6832-b9a05f550000}3401/bin/dash/bin/shroot 534500x800000000000000027984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.949{ec2a2542-2979-6254-6832-b9a05f550000}3401/bin/dashroot 534500x800000000000000027983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.949{ec2a2542-2979-6254-68b2-554fef550000}3402/bin/dashroot 154100x800000000000000027985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.959{ec2a2542-2979-6254-6842-68aa26560000}3403/bin/dash-----/bin/sh /var/lib/dpkg/info/man-db.postinst triggered /usr/share/man/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2979-6254-7021-5be5cd550000}3400/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000027987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.961{ec2a2542-2979-6254-804a-2e46b2550000}3404/usr/bin/mandb-----/usr/bin/mandb -pq/man{ec2a2542-0000-0000-0600-000001000000}64no level-{ec2a2542-2979-6254-6842-68aa26560000}3403/bin/dash/bin/shroot 154100x800000000000000027986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.961{ec2a2542-2979-6254-9837-dd7634560000}3404/usr/bin/perl-----perl -e @pwd = getpwnam("man"); $) = $( = $pwd[3]; $> = $< = $pwd[2]; exec "/usr/bin/mandb", @ARGV -- -pq/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2979-6254-6842-68aa26560000}3403/bin/dash/bin/shroot 534500x800000000000000027988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.990{00000000-0000-0000-0000-000000000000}3405<unknown process>man 534500x800000000000000027990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.994{ec2a2542-2979-6254-0000-000000000000}3408-man 534500x800000000000000027989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.994{00000000-0000-0000-0000-000000000000}3406<unknown process>man 534500x800000000000000027991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:29.995{ec2a2542-2979-6254-0000-000000000000}3407-man 534500x800000000000000027992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.001{00000000-0000-0000-0000-000000000000}3409<unknown process>man 534500x800000000000000027993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.010{ec2a2542-2979-6254-0000-000000000000}3410-man 534500x800000000000000027995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.011{00000000-0000-0000-0000-000000000000}3411<unknown process>man 534500x800000000000000027994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.011{ec2a2542-2979-6254-0000-000000000000}3412-man 534500x800000000000000027996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.015{00000000-0000-0000-0000-000000000000}3413<unknown process>man 534500x800000000000000027997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.018{00000000-0000-0000-0000-000000000000}3414<unknown process>man 534500x800000000000000027999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.019{ec2a2542-297a-6254-0000-000000000000}3415-man 534500x800000000000000027998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.019{ec2a2542-297a-6254-0000-000000000000}3416-man 534500x800000000000000028000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.025{00000000-0000-0000-0000-000000000000}3417<unknown process>man 534500x800000000000000028001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.031{ec2a2542-297a-6254-0000-000000000000}3418-man 534500x800000000000000028003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.032{ec2a2542-297a-6254-0000-000000000000}3419-man 534500x800000000000000028002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.032{ec2a2542-297a-6254-0000-000000000000}3420-man 534500x800000000000000028004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.036{ec2a2542-297a-6254-0000-000000000000}3421-man 534500x800000000000000028006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.040{ec2a2542-297a-6254-0000-000000000000}3424-man 534500x800000000000000028005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.040{ec2a2542-297a-6254-0000-000000000000}3422-man 534500x800000000000000028007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.041{ec2a2542-297a-6254-0000-000000000000}3423-man 534500x800000000000000028008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.044{ec2a2542-297a-6254-0000-000000000000}3425-man 534500x800000000000000028010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.048{ec2a2542-297a-6254-0000-000000000000}3428-man 534500x800000000000000028009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.048{ec2a2542-297a-6254-0000-000000000000}3426-man 534500x800000000000000028011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.049{ec2a2542-297a-6254-0000-000000000000}3427-man 534500x800000000000000028012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.052{ec2a2542-297a-6254-0000-000000000000}3429-man 534500x800000000000000028013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.055{ec2a2542-297a-6254-0000-000000000000}3430-man 534500x800000000000000028014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.056{ec2a2542-297a-6254-0000-000000000000}3432-man 534500x800000000000000028015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.057{ec2a2542-297a-6254-0000-000000000000}3431-man 534500x800000000000000028016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.060{ec2a2542-297a-6254-0000-000000000000}3433-man 534500x800000000000000028017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.065{ec2a2542-297a-6254-0000-000000000000}3434-man 534500x800000000000000028019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.066{ec2a2542-297a-6254-0000-000000000000}3435-man 534500x800000000000000028018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.066{ec2a2542-297a-6254-0000-000000000000}3436-man 534500x800000000000000028020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.069{ec2a2542-297a-6254-0000-000000000000}3437-man 534500x800000000000000028022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.073{ec2a2542-297a-6254-0000-000000000000}3440-man 534500x800000000000000028021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.073{ec2a2542-297a-6254-0000-000000000000}3438-man 534500x800000000000000028023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.074{00000000-0000-0000-0000-000000000000}3439<unknown process>man 534500x800000000000000028024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.077{00000000-0000-0000-0000-000000000000}3441<unknown process>man 534500x800000000000000028025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.080{ec2a2542-297a-6254-0000-000000000000}3442-man 534500x800000000000000028027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.081{ec2a2542-297a-6254-0000-000000000000}3443-man 534500x800000000000000028026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.081{ec2a2542-297a-6254-0000-000000000000}3444-man 534500x800000000000000028028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.084{ec2a2542-297a-6254-0000-000000000000}3445-man 534500x800000000000000028029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.088{ec2a2542-297a-6254-0000-000000000000}3446-man 534500x800000000000000028030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.091{ec2a2542-297a-6254-0000-000000000000}3448-man 534500x800000000000000028031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.092{00000000-0000-0000-0000-000000000000}3447<unknown process>man 534500x800000000000000028032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.095{ec2a2542-297a-6254-0000-000000000000}3449-man 534500x800000000000000028033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.098{ec2a2542-297a-6254-0000-000000000000}3450-man 534500x800000000000000028035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.099{ec2a2542-297a-6254-0000-000000000000}3451-man 534500x800000000000000028034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.099{ec2a2542-297a-6254-0000-000000000000}3452-man 534500x800000000000000028036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.103{00000000-0000-0000-0000-000000000000}3453<unknown process>man 534500x800000000000000028037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.106{ec2a2542-297a-6254-0000-000000000000}3454-man 534500x800000000000000028039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.107{00000000-0000-0000-0000-000000000000}3455<unknown process>man 534500x800000000000000028038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.107{ec2a2542-297a-6254-0000-000000000000}3456-man 534500x800000000000000028040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.122{ec2a2542-297a-6254-0000-000000000000}3457-man 534500x800000000000000028041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.126{ec2a2542-297a-6254-0000-000000000000}3458-man 534500x800000000000000028042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.134{ec2a2542-297a-6254-0000-000000000000}3460-man 534500x800000000000000028043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.135{ec2a2542-297a-6254-0000-000000000000}3459-man 534500x800000000000000028044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.140{ec2a2542-297a-6254-0000-000000000000}3461-man 534500x800000000000000028045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.143{ec2a2542-297a-6254-0000-000000000000}3462-man 534500x800000000000000028046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.144{ec2a2542-297a-6254-0000-000000000000}3464-man 534500x800000000000000028047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.146{ec2a2542-297a-6254-0000-000000000000}3463-man 534500x800000000000000028048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.149{00000000-0000-0000-0000-000000000000}3465<unknown process>man 534500x800000000000000028049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.152{ec2a2542-297a-6254-0000-000000000000}3466-man 534500x800000000000000028050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.153{ec2a2542-297a-6254-0000-000000000000}3468-man 534500x800000000000000028051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.154{ec2a2542-297a-6254-0000-000000000000}3467-man 534500x800000000000000028052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.158{ec2a2542-297a-6254-0000-000000000000}3469-man 534500x800000000000000028053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.161{ec2a2542-297a-6254-0000-000000000000}3470-man 534500x800000000000000028054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.162{ec2a2542-297a-6254-0000-000000000000}3472-man 534500x800000000000000028055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.163{ec2a2542-297a-6254-0000-000000000000}3471-man 534500x800000000000000028056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.167{00000000-0000-0000-0000-000000000000}3473<unknown process>man 534500x800000000000000028058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.170{ec2a2542-297a-6254-0000-000000000000}3476-man 534500x800000000000000028057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.170{ec2a2542-297a-6254-0000-000000000000}3474-man 534500x800000000000000028059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.172{00000000-0000-0000-0000-000000000000}3475<unknown process>man 534500x800000000000000028060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.175{00000000-0000-0000-0000-000000000000}3477<unknown process>man 534500x800000000000000028061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.178{ec2a2542-297a-6254-0000-000000000000}3478-man 534500x800000000000000028062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.179{ec2a2542-297a-6254-0000-000000000000}3480-man 534500x800000000000000028063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.180{00000000-0000-0000-0000-000000000000}3479<unknown process>man 534500x800000000000000028064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.183{00000000-0000-0000-0000-000000000000}3481<unknown process>man 534500x800000000000000028066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.187{ec2a2542-297a-6254-0000-000000000000}3484-man 534500x800000000000000028065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.187{ec2a2542-297a-6254-0000-000000000000}3482-man 534500x800000000000000028067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.188{ec2a2542-297a-6254-0000-000000000000}3483-man 534500x800000000000000028068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.192{00000000-0000-0000-0000-000000000000}3485<unknown process>man 534500x800000000000000028069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.195{ec2a2542-297a-6254-0000-000000000000}3486-man 534500x800000000000000028070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.196{ec2a2542-297a-6254-0000-000000000000}3488-man 534500x800000000000000028071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.197{00000000-0000-0000-0000-000000000000}3487<unknown process>man 534500x800000000000000028072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.200{ec2a2542-297a-6254-0000-000000000000}3489-man 534500x800000000000000028073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.203{ec2a2542-297a-6254-0000-000000000000}3490-man 534500x800000000000000028075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.204{ec2a2542-297a-6254-0000-000000000000}3491-man 534500x800000000000000028074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.204{ec2a2542-297a-6254-0000-000000000000}3492-man 534500x800000000000000028076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.207{00000000-0000-0000-0000-000000000000}3493<unknown process>man 534500x800000000000000028077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.210{ec2a2542-297a-6254-0000-000000000000}3494-man 534500x800000000000000028079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.211{00000000-0000-0000-0000-000000000000}3495<unknown process>man 534500x800000000000000028078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.211{ec2a2542-297a-6254-0000-000000000000}3496-man 534500x800000000000000028080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.214{00000000-0000-0000-0000-000000000000}3497<unknown process>man 534500x800000000000000028082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.218{ec2a2542-297a-6254-0000-000000000000}3500-man 534500x800000000000000028081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.218{ec2a2542-297a-6254-0000-000000000000}3498-man 534500x800000000000000028083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.219{ec2a2542-297a-6254-0000-000000000000}3499-man 534500x800000000000000028084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.222{00000000-0000-0000-0000-000000000000}3501<unknown process>man 534500x800000000000000028085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.226{ec2a2542-297a-6254-0000-000000000000}3502-man 534500x800000000000000028086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.227{ec2a2542-297a-6254-0000-000000000000}3504-man 534500x800000000000000028087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.229{ec2a2542-297a-6254-0000-000000000000}3503-man 534500x800000000000000028088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.232{ec2a2542-297a-6254-0000-000000000000}3505-man 534500x800000000000000028089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.235{ec2a2542-297a-6254-0000-000000000000}3506-man 534500x800000000000000028091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.236{ec2a2542-297a-6254-0000-000000000000}3507-man 534500x800000000000000028090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.236{ec2a2542-297a-6254-0000-000000000000}3508-man 534500x800000000000000028092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.240{ec2a2542-297a-6254-0000-000000000000}3509-man 534500x800000000000000028093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.243{ec2a2542-297a-6254-0000-000000000000}3510-man 534500x800000000000000028094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.244{ec2a2542-297a-6254-0000-000000000000}3512-man 534500x800000000000000028095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.245{ec2a2542-297a-6254-0000-000000000000}3511-man 534500x800000000000000028096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.248{00000000-0000-0000-0000-000000000000}3513<unknown process>man 534500x800000000000000028097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.251{ec2a2542-297a-6254-0000-000000000000}3514-man 534500x800000000000000028099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.252{ec2a2542-297a-6254-0000-000000000000}3515-man 534500x800000000000000028098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.252{ec2a2542-297a-6254-0000-000000000000}3516-man 534500x800000000000000028100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.255{00000000-0000-0000-0000-000000000000}3517<unknown process>man 534500x800000000000000028101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.259{ec2a2542-297a-6254-0000-000000000000}3518-man 534500x800000000000000028102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.260{ec2a2542-297a-6254-0000-000000000000}3520-man 534500x800000000000000028103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.261{ec2a2542-297a-6254-0000-000000000000}3519-man 534500x800000000000000028104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.264{00000000-0000-0000-0000-000000000000}3521<unknown process>man 534500x800000000000000028105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.266{ec2a2542-297a-6254-0000-000000000000}3522-man 534500x800000000000000028106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.267{ec2a2542-297a-6254-0000-000000000000}3524-man 534500x800000000000000028107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.268{ec2a2542-297a-6254-0000-000000000000}3523-man 534500x800000000000000028108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.271{00000000-0000-0000-0000-000000000000}3525<unknown process>man 534500x800000000000000028109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.274{ec2a2542-297a-6254-0000-000000000000}3526-man 534500x800000000000000028110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.275{ec2a2542-297a-6254-0000-000000000000}3528-man 534500x800000000000000028111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.276{ec2a2542-297a-6254-0000-000000000000}3527-man 534500x800000000000000028112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.279{ec2a2542-297a-6254-0000-000000000000}3529-man 534500x800000000000000028114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.283{ec2a2542-297a-6254-0000-000000000000}3532-man 534500x800000000000000028113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.283{ec2a2542-297a-6254-0000-000000000000}3530-man 534500x800000000000000028115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.284{ec2a2542-297a-6254-0000-000000000000}3531-man 534500x800000000000000028116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.288{00000000-0000-0000-0000-000000000000}3533<unknown process>man 534500x800000000000000028117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.292{00000000-0000-0000-0000-000000000000}3534<unknown process>man 534500x800000000000000028118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.293{ec2a2542-297a-6254-0000-000000000000}3536-man 534500x800000000000000028119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.294{ec2a2542-297a-6254-0000-000000000000}3535-man 534500x800000000000000028120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.297{00000000-0000-0000-0000-000000000000}3537<unknown process>man 534500x800000000000000028121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.304{ec2a2542-297a-6254-0000-000000000000}3538-man 534500x800000000000000028123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.308{00000000-0000-0000-0000-000000000000}3539<unknown process>man 534500x800000000000000028122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.308{00000000-0000-0000-0000-000000000000}3540<unknown process>man 534500x800000000000000028124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.311{00000000-0000-0000-0000-000000000000}3541<unknown process>man 534500x800000000000000028125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.314{ec2a2542-297a-6254-0000-000000000000}3542-man 534500x800000000000000028126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.315{ec2a2542-297a-6254-0000-000000000000}3544-man 534500x800000000000000028127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.316{ec2a2542-297a-6254-0000-000000000000}3543-man 534500x800000000000000028128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.319{00000000-0000-0000-0000-000000000000}3545<unknown process>man 534500x800000000000000028129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.322{ec2a2542-297a-6254-0000-000000000000}3546-man 534500x800000000000000028130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.323{ec2a2542-297a-6254-0000-000000000000}3548-man 534500x800000000000000028131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.324{ec2a2542-297a-6254-0000-000000000000}3547-man 534500x800000000000000028132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.328{00000000-0000-0000-0000-000000000000}3549<unknown process>man 534500x800000000000000028134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.331{ec2a2542-297a-6254-0000-000000000000}3552-man 534500x800000000000000028133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.331{ec2a2542-297a-6254-0000-000000000000}3550-man 534500x800000000000000028135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.332{00000000-0000-0000-0000-000000000000}3551<unknown process>man 534500x800000000000000028136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.336{00000000-0000-0000-0000-000000000000}3553<unknown process>man 534500x800000000000000028137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.358{ec2a2542-297a-6254-0000-000000000000}3554-man 534500x800000000000000028138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.359{ec2a2542-297a-6254-0000-000000000000}3556-man 534500x800000000000000028139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.360{00000000-0000-0000-0000-000000000000}3555<unknown process>man 534500x800000000000000028140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.364{00000000-0000-0000-0000-000000000000}3557<unknown process>man 534500x800000000000000028141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.367{ec2a2542-297a-6254-0000-000000000000}3558-man 534500x800000000000000028142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.368{ec2a2542-297a-6254-0000-000000000000}3560-man 534500x800000000000000028143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.369{ec2a2542-297a-6254-0000-000000000000}3559-man 23542300x800000000000000028145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.375{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/da/3404--- 23542300x800000000000000028144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.375{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/hu/3404--- 23542300x800000000000000028149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.376{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/sl/3404--- 23542300x800000000000000028148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.376{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/ru/3404--- 23542300x800000000000000028147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.376{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/id/3404--- 23542300x800000000000000028146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.376{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/cs/3404--- 23542300x800000000000000028153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.377{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/ko/3404--- 23542300x800000000000000028152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.377{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/it/3404--- 23542300x800000000000000028151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.377{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/zh_CN/3404--- 23542300x800000000000000028150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.377{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/tr/3404--- 23542300x800000000000000028156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.378{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/pt_BR/3404--- 23542300x800000000000000028155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.378{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/ja/3404--- 23542300x800000000000000028154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.378{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/fi/3404--- 23542300x800000000000000028160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.379{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/zh_TW/3404--- 23542300x800000000000000028159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.379{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/de/3404--- 23542300x800000000000000028158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.379{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/sv/3404--- 23542300x800000000000000028157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.379{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/pl/3404--- 23542300x800000000000000028164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.380{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/es/3404--- 23542300x800000000000000028163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.380{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/sr/3404--- 23542300x800000000000000028162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.380{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/pt/3404--- 23542300x800000000000000028161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.380{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/nl/3404--- 23542300x800000000000000028166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.381{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/oldlocal/3404--- 23542300x800000000000000028165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.381{ec2a2542-2979-6254-9837-dd7634560000}3404man/usr/bin/mandb/var/cache/man/fr/3404--- 534500x800000000000000028168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.382{ec2a2542-2979-6254-6842-68aa26560000}3403/bin/dashroot 534500x800000000000000028167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.382{ec2a2542-2979-6254-9837-dd7634560000}3404/usr/bin/perlman 23542300x800000000000000028169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.431{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/status-old--- 23542300x800000000000000028202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0032--- 23542300x800000000000000028201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0031--- 23542300x800000000000000028200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0030--- 23542300x800000000000000028199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0029--- 23542300x800000000000000028198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0028--- 23542300x800000000000000028197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0027--- 23542300x800000000000000028196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0026--- 23542300x800000000000000028195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0025--- 23542300x800000000000000028194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0024--- 23542300x800000000000000028193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0023--- 23542300x800000000000000028192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0022--- 23542300x800000000000000028191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0021--- 23542300x800000000000000028190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0020--- 23542300x800000000000000028189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0019--- 23542300x800000000000000028188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0018--- 23542300x800000000000000028187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0017--- 23542300x800000000000000028186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0016--- 23542300x800000000000000028185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0015--- 23542300x800000000000000028184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0014--- 23542300x800000000000000028183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0013--- 23542300x800000000000000028182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0012--- 23542300x800000000000000028181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0011--- 23542300x800000000000000028180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0010--- 23542300x800000000000000028179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0009--- 23542300x800000000000000028178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0008--- 23542300x800000000000000028177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0007--- 23542300x800000000000000028176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0006--- 23542300x800000000000000028175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0005--- 23542300x800000000000000028174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0004--- 23542300x800000000000000028173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0003--- 23542300x800000000000000028172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0002--- 23542300x800000000000000028171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0001--- 23542300x800000000000000028170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.432{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0000--- 23542300x800000000000000028212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.433{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0042--- 23542300x800000000000000028211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.433{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0041--- 23542300x800000000000000028210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.433{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0040--- 23542300x800000000000000028209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.433{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0039--- 23542300x800000000000000028208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.433{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0038--- 23542300x800000000000000028207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.433{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0037--- 23542300x800000000000000028206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.433{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0036--- 23542300x800000000000000028205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.433{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0035--- 23542300x800000000000000028204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.433{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0034--- 23542300x800000000000000028203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.433{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/0033--- 23542300x800000000000000028215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.435{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/var/cache/apt/pkgcache.bin--- 534500x800000000000000028214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.435{ec2a2542-2979-6254-7021-5be5cd550000}3400/usr/bin/dpkgroot 23542300x800000000000000028213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.435{ec2a2542-2979-6254-7021-5be5cd550000}3400root/usr/bin/dpkg/var/lib/dpkg/updates/tmp.i--- 23542300x800000000000000028216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.436{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.VQHf7w--- 23542300x800000000000000028217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.440{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.mWpGCn--- 23542300x800000000000000028218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.445{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.ZZiO8d--- 23542300x800000000000000028219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.447{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.q5lkF4--- 23542300x800000000000000028220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.448{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.dc56bV--- 23542300x800000000000000028221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.453{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.6s0JJL--- 23542300x800000000000000028222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.456{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.RODIhC--- 23542300x800000000000000028223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.460{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.oOVtQs--- 23542300x800000000000000028224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.462{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.HpOwpj--- 23542300x800000000000000028225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.464{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.GetWY9--- 23542300x800000000000000028226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.465{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.rTYAy0--- 23542300x800000000000000028227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.467{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.831s8Q--- 23542300x800000000000000028228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.468{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.XBtzIH--- 23542300x800000000000000028229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.470{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.ismXiy--- 23542300x800000000000000028230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.471{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.RtvBTo--- 23542300x800000000000000028231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.473{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.A8vvuf--- 23542300x800000000000000028232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.474{ec2a2542-2974-6254-ccaf-4d0863550000}3217root/usr/bin/apt-get/tmp/fileutl.message.BsGG55--- 154100x800000000000000028233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.475{ec2a2542-297a-6254-70c1-120a67550000}3561/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2974-6254-ccaf-4d0863550000}3217/usr/bin/apt-getapt-getroot 534500x800000000000000028234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.478{ec2a2542-297a-6254-70c1-120a67550000}3561/usr/bin/dpkgroot 154100x800000000000000028235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.523{ec2a2542-297a-6254-7091-0318dc550000}3562/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2974-6254-ccaf-4d0863550000}3217/usr/bin/apt-getapt-getroot 534500x800000000000000028236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.528{ec2a2542-297a-6254-7091-0318dc550000}3562/usr/bin/dpkgroot 154100x800000000000000028237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.616{ec2a2542-297a-6254-7011-8466a0550000}3563/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2974-6254-ccaf-4d0863550000}3217/usr/bin/apt-getapt-getroot 534500x800000000000000028238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.620{ec2a2542-297a-6254-7011-8466a0550000}3563/usr/bin/dpkgroot 154100x800000000000000028239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.641{ec2a2542-297a-6254-6892-4b85ac550000}3565/bin/dash-----sh -c if [ -d /var/lib/update-notifier ]; then touch /var/lib/update-notifier/dpkg-run-stamp; fi; /usr/lib/update-notifier/update-motd-updates-available 2>/dev/null || true/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}3564--- 154100x800000000000000028240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.642{ec2a2542-297a-6254-10d0-5d1a05560000}3566/bin/touch-----touch /var/lib/update-notifier/dpkg-run-stamp/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-6892-4b85ac550000}3565/bin/dashshroot 154100x800000000000000028242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.643{ec2a2542-297a-6254-68e2-99a28e550000}3567/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-updates-available/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-6892-4b85ac550000}3565/bin/dashshroot 534500x800000000000000028241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.643{ec2a2542-297a-6254-10d0-5d1a05560000}3566/bin/touchroot 154100x800000000000000028243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.644{ec2a2542-297a-6254-73d4-38c8ba550000}3568/usr/bin/apt-config-----apt-config shell StateDir Dir::State/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-68e2-99a28e550000}3567/bin/dash/bin/shroot 154100x800000000000000028244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.649{ec2a2542-297a-6254-7051-8ba1c9550000}3569/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-73d4-38c8ba550000}3568/usr/bin/apt-configapt-configroot 534500x800000000000000028245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.651{ec2a2542-297a-6254-7051-8ba1c9550000}3569/usr/bin/dpkgroot 154100x800000000000000028247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.652{ec2a2542-297a-6254-7344-0da231560000}3570/usr/bin/apt-config-----apt-config shell ListDir Dir::State::Lists/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-68e2-99a28e550000}3567/bin/dash/bin/shroot 534500x800000000000000028246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.652{ec2a2542-297a-6254-73d4-38c8ba550000}3568/usr/bin/apt-configroot 154100x800000000000000028248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.656{ec2a2542-297a-6254-7081-1f4ede550000}3571/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-7344-0da231560000}3570/usr/bin/apt-configapt-configroot 534500x800000000000000028250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.659{ec2a2542-297a-6254-7344-0da231560000}3570/usr/bin/apt-configroot 534500x800000000000000028249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.659{ec2a2542-297a-6254-7081-1f4ede550000}3571/usr/bin/dpkgroot 154100x800000000000000028251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.660{ec2a2542-297a-6254-7364-04a751560000}3572/usr/bin/apt-config-----apt-config shell DpkgStatus Dir::State::status/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-68e2-99a28e550000}3567/bin/dash/bin/shroot 154100x800000000000000028252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.664{ec2a2542-297a-6254-7061-4bea59550000}3573/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-7364-04a751560000}3572/usr/bin/apt-configapt-configroot 534500x800000000000000028253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.666{ec2a2542-297a-6254-7061-4bea59550000}3573/usr/bin/dpkgroot 154100x800000000000000028255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.667{ec2a2542-297a-6254-7364-0fd801560000}3574/usr/bin/apt-config-----apt-config shell EtcDir Dir::Etc/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-68e2-99a28e550000}3567/bin/dash/bin/shroot 534500x800000000000000028254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.667{ec2a2542-297a-6254-7364-04a751560000}3572/usr/bin/apt-configroot 154100x800000000000000028256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.672{ec2a2542-297a-6254-7011-571c41560000}3575/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-7364-0fd801560000}3574/usr/bin/apt-configapt-configroot 534500x800000000000000028258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.674{ec2a2542-297a-6254-7364-0fd801560000}3574/usr/bin/apt-configroot 534500x800000000000000028257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.674{ec2a2542-297a-6254-7011-571c41560000}3575/usr/bin/dpkgroot 154100x800000000000000028259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.675{ec2a2542-297a-6254-73a4-46c2ed550000}3576/usr/bin/apt-config-----apt-config shell SourceList Dir::Etc::sourcelist/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-68e2-99a28e550000}3567/bin/dash/bin/shroot 154100x800000000000000028260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.679{ec2a2542-297a-6254-7081-749bb8550000}3577/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-73a4-46c2ed550000}3576/usr/bin/apt-configapt-configroot 534500x800000000000000028261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.681{ec2a2542-297a-6254-7081-749bb8550000}3577/usr/bin/dpkgroot 154100x800000000000000028263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.682{ec2a2542-297a-6254-90e0-0feb7c550000}3578/usr/bin/find-----find /var/lib/apt/lists/ /etc/apt/sources.list //var/lib/dpkg/status -type f -newer /var/lib/update-notifier/updates-available -print -quit/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-68e2-99a28e550000}3567/bin/dash/bin/shroot 534500x800000000000000028262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.682{ec2a2542-297a-6254-73a4-46c2ed550000}3576/usr/bin/apt-configroot 154100x800000000000000028267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.684{ec2a2542-297a-6254-a800-7192cc550000}3579/bin/mktemp-----mktemp -p /var/lib/update-notifier/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-68e2-99a28e550000}3567/bin/dash/bin/shroot 154100x800000000000000028265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.684{ec2a2542-297a-6254-e878-f3246e550000}3580/usr/bin/dirname-----dirname /var/lib/update-notifier/updates-available/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}3579--- 534500x800000000000000028264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.684{ec2a2542-297a-6254-90e0-0feb7c550000}3578/usr/bin/findroot 534500x800000000000000028266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.686{ec2a2542-297a-6254-e878-f3246e550000}3580/usr/bin/dirnameroot 534500x800000000000000028268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.687{ec2a2542-297a-6254-a800-7192cc550000}3579/bin/mktemproot 154100x800000000000000028269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.688{ec2a2542-297a-6254-a036-7b0000000000}3581/usr/bin/python3.6-----/usr/bin/python3 /usr/lib/update-notifier/apt-check --human-readable/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-68e2-99a28e550000}3567/bin/dash/bin/shroot 154100x800000000000000028270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.777{ec2a2542-297a-6254-7091-f49af6550000}3582/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-a036-7b0000000000}3581/usr/bin/python3.6/usr/bin/python3root 23542300x800000000000000028272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.780{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.d1oHRd--- 534500x800000000000000028271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.780{ec2a2542-297a-6254-7091-f49af6550000}3582/usr/bin/dpkgroot 23542300x800000000000000028273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.785{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.auqrj5--- 23542300x800000000000000028274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.790{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.pcSWLW--- 23542300x800000000000000028275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.791{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.s5vIeO--- 23542300x800000000000000028276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.793{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.puRKHF--- 23542300x800000000000000028277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.797{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.CbGwbx--- 23542300x800000000000000028278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.799{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.RjXxFo--- 23542300x800000000000000028279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.803{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.0p2jag--- 23542300x800000000000000028280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.805{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.LSKmF7--- 23542300x800000000000000028281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.806{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.ac6BaZ--- 23542300x800000000000000028282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.807{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.h2S4FQ--- 23542300x800000000000000028283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.809{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.QBtMbI--- 23542300x800000000000000028284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.810{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.N4ULHz--- 23542300x800000000000000028285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.812{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.m1k0dr--- 23542300x800000000000000028286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.813{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.zC9tKi--- 23542300x800000000000000028287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.815{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.kJieha--- 23542300x800000000000000028288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.816{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.XBlhO1--- 154100x800000000000000028289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.818{ec2a2542-297a-6254-70a1-6ee42e560000}3583/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-a036-7b0000000000}3581/usr/bin/python3.6/usr/bin/python3root 534500x800000000000000028290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:30.820{ec2a2542-297a-6254-70a1-6ee42e560000}3583/usr/bin/dpkgroot 23542300x800000000000000028291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.247{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.MGIdwU--- 23542300x800000000000000028292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.252{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.t3pSeN--- 23542300x800000000000000028293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.256{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.Ke8cYF--- 23542300x800000000000000028294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.257{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.52uOHy--- 23542300x800000000000000028295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.259{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.KrWFrr--- 23542300x800000000000000028296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.263{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.F9Fcck--- 23542300x800000000000000028297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.264{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.QmYZWc--- 23542300x800000000000000028298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.268{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.fmHsI5--- 23542300x800000000000000028299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.270{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.yXHbuY--- 23542300x800000000000000028300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.271{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.NHh8fR--- 23542300x800000000000000028301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.272{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.0nqi2J--- 23542300x800000000000000028302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.273{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.9gmFOC--- 23542300x800000000000000028303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.275{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.aQ5fBv--- 23542300x800000000000000028304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.276{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.Xf36no--- 23542300x800000000000000028305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.278{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.M6Fdbh--- 23542300x800000000000000028306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.279{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.pYQzY9--- 23542300x800000000000000028307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.281{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.soAdM2--- 154100x800000000000000028308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.282{ec2a2542-297b-6254-7021-6df242560000}3584/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-a036-7b0000000000}3581/usr/bin/python3.6/usr/bin/python3root 534500x800000000000000028309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.285{ec2a2542-297b-6254-7021-6df242560000}3584/usr/bin/dpkgroot 23542300x800000000000000028310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.550{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.FY8jjW--- 23542300x800000000000000028311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.554{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.KSweRP--- 23542300x800000000000000028312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.559{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.vVHPpJ--- 23542300x800000000000000028313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.560{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.0tWHYC--- 23542300x800000000000000028314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.562{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.V1GPxw--- 23542300x800000000000000028315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.566{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.8yPC7p--- 23542300x800000000000000028316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.567{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.Py9FHj--- 23542300x800000000000000028317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.571{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.kgjoid--- 23542300x800000000000000028318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.573{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.ngpnT6--- 23542300x800000000000000028319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.574{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.EvSzu0--- 23542300x800000000000000028320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.575{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.rjLZ5T--- 23542300x800000000000000028321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.576{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.syYCHN--- 23542300x800000000000000028322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.578{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.bdntjH--- 23542300x800000000000000028323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.579{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.4nhzVA--- 23542300x800000000000000028324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.581{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.zk0Uxu--- 23542300x800000000000000028325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.582{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.Gihwao--- 23542300x800000000000000028326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.584{ec2a2542-297a-6254-a036-7b0000000000}3581root/usr/bin/python3.6/tmp/fileutl.message.3tToNh--- 534500x800000000000000028327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.725{ec2a2542-297a-6254-a036-7b0000000000}3581/usr/bin/python3.6root 154100x800000000000000028328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.726{ec2a2542-297b-6254-885b-b58d45560000}3585/bin/mv-----mv /var/lib/update-notifier/tmp.QEDDqrk70N /var/lib/update-notifier/updates-available/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-68e2-99a28e550000}3567/bin/dash/bin/shroot 154100x800000000000000028330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.727{ec2a2542-297b-6254-70c3-636adc550000}3586/bin/rm-----rm -f /var/lib/update-notifier/tmp.QEDDqrk70N/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297a-6254-68e2-99a28e550000}3567/bin/dash/bin/shroot 534500x800000000000000028329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.727{ec2a2542-297b-6254-885b-b58d45560000}3585/bin/mvroot 534500x800000000000000028333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.728{ec2a2542-297a-6254-6892-4b85ac550000}3565/bin/dashroot 534500x800000000000000028332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.728{ec2a2542-297a-6254-68e2-99a28e550000}3567/bin/dashroot 534500x800000000000000028331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.728{ec2a2542-297b-6254-70c3-636adc550000}3586/bin/rmroot 23542300x800000000000000028336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.729{ec2a2542-0ffd-6254-8063-961ac7550000}918root/lib/systemd/systemd-logind/run/systemd/inhibit/3.ref--- 23542300x800000000000000028335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.729{ec2a2542-0ffd-6254-8063-961ac7550000}918root/lib/systemd/systemd-logind/run/systemd/inhibit/3--- 534500x800000000000000028334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.729{ec2a2542-297a-6254-0000-000000000000}3564-root 154100x800000000000000028337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.731{ec2a2542-297b-6254-68b2-78981e560000}3588/bin/dash-----sh -c [ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-success || true/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}3587--- 154100x800000000000000028338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.732{ec2a2542-297b-6254-eace-d628dd550000}3589/usr/lib/ubuntu-advantage/apt-esm-hook-----/usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-success/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297b-6254-68b2-78981e560000}3588/bin/dashshroot 534500x800000000000000028341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.735{ec2a2542-297b-6254-0000-000000000000}3587-root 534500x800000000000000028340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.735{ec2a2542-297b-6254-68b2-78981e560000}3588/bin/dashroot 534500x800000000000000028339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.735{ec2a2542-297b-6254-eace-d628dd550000}3589/usr/lib/ubuntu-advantage/apt-esm-hookroot 154100x800000000000000028342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.737{ec2a2542-297b-6254-6842-21f747560000}3590/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2974-6254-ccaf-4d0863550000}3217/usr/bin/apt-getapt-getroot 154100x800000000000000028351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.738{ec2a2542-297b-6254-e474-cb9d0f560000}3591/snap/snapd/15177/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297b-6254-6842-21f747560000}3590/bin/dash/bin/shroot 154100x800000000000000028343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.738{ec2a2542-297b-6254-7038-ac51f8550000}3591/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297b-6254-6842-21f747560000}3590/bin/dash/bin/shroot 534500x800000000000000028350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.751{ec2a2542-297b-6254-7038-ac51f8550000}3591/usr/bin/snaproot 534500x800000000000000028349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.751{ec2a2542-297b-6254-7038-ac51f8550000}3591/usr/bin/snaproot 534500x800000000000000028348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.751{ec2a2542-297b-6254-7038-ac51f8550000}3591/usr/bin/snaproot 534500x800000000000000028347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.751{ec2a2542-297b-6254-7038-ac51f8550000}3591/usr/bin/snaproot 534500x800000000000000028346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.751{ec2a2542-297b-6254-7038-ac51f8550000}3591/usr/bin/snaproot 534500x800000000000000028345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.751{ec2a2542-297b-6254-7038-ac51f8550000}3591/usr/bin/snaproot 534500x800000000000000028344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.751{ec2a2542-297b-6254-7038-ac51f8550000}3591/usr/bin/snaproot 534500x800000000000000028357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.770{ec2a2542-297b-6254-e474-cb9d0f560000}3591/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.770{ec2a2542-297b-6254-e474-cb9d0f560000}3591/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.770{ec2a2542-297b-6254-e474-cb9d0f560000}3591/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.770{ec2a2542-297b-6254-e474-cb9d0f560000}3591/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.770{ec2a2542-297b-6254-e474-cb9d0f560000}3591/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.770{ec2a2542-297b-6254-7038-ac51f8550000}3591/usr/bin/snaproot 534500x800000000000000028359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.772{ec2a2542-297b-6254-6842-21f747560000}3590/bin/dashroot 534500x800000000000000028358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.772{ec2a2542-297b-6254-e474-cb9d0f560000}3591/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.781{ec2a2542-2974-6254-08ae-51bf4f560000}3216/usr/bin/sudoroot 534500x800000000000000028360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.781{ec2a2542-2974-6254-ccaf-4d0863550000}3217/usr/bin/apt-getroot 154100x800000000000000028362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.782{ec2a2542-297b-6254-088e-a66bce550000}3605/usr/bin/sudo-----sudo apt-get install qemu qemu-user qemu-user-static -y/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{00000000-0000-0000-0000-000000000000}2766--- 354300x800000000000000028364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.785{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-39800-false10.0.0.2-53- 354300x800000000000000028363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.785{ec2a2542-297b-6254-088e-a66bce550000}3605/usr/bin/sudoubuntuudptruefalse127.0.0.1-37330-false127.0.0.53-53- 354300x800000000000000028365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.786{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-38609-false10.0.0.2-53- 354300x800000000000000028369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.787{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-55251- 354300x800000000000000028368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.787{ec2a2542-297b-6254-088e-a66bce550000}3605/usr/bin/sudoubuntuudptruefalse127.0.0.1-55251-false127.0.0.53-53- 354300x800000000000000028367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.787{ec2a2542-297b-6254-088e-a66bce550000}3605/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-55251- 354300x800000000000000028366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.787{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-37330- 154100x800000000000000028370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.792{ec2a2542-297b-6254-ccef-29074c560000}3606/usr/bin/apt-get-----apt-get install qemu qemu-user qemu-user-static -y/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297b-6254-088e-a66bce550000}3605/usr/bin/sudosudoubuntu 154100x800000000000000028371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.797{ec2a2542-297b-6254-7031-0b8a5c550000}3607/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297b-6254-ccef-29074c560000}3606/usr/bin/apt-getapt-getroot 534500x800000000000000028372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.805{ec2a2542-297b-6254-7031-0b8a5c550000}3607/usr/bin/dpkgroot 23542300x800000000000000028373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.806{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/fileutl.message.pxGnui--- 23542300x800000000000000028374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.810{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/fileutl.message.325AJc--- 23542300x800000000000000028375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.813{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 23542300x800000000000000028376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.814{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/fileutl.message.dm4uZ6--- 23542300x800000000000000028377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.816{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/fileutl.message.jAqEf1--- 23542300x800000000000000028378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.817{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/fileutl.message.vyt2vV--- 23542300x800000000000000028379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.821{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/fileutl.message.RVy5MP--- 23542300x800000000000000028380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.823{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/fileutl.message.loun4J--- 23542300x800000000000000028381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.827{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/fileutl.message.78XkmE--- 23542300x800000000000000028382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.828{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/fileutl.message.nvJxEy--- 23542300x800000000000000028383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.829{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/fileutl.message.Px5WWs--- 23542300x800000000000000028384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.830{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/fileutl.message.TIVyfn--- 23542300x800000000000000028385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.832{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/fileutl.message.nhznyh--- 23542300x800000000000000028386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.833{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/fileutl.message.BfLoRb--- 23542300x800000000000000028387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.834{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/fileutl.message.fBLEa6--- 23542300x800000000000000028388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.836{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/fileutl.message.L249t0--- 23542300x800000000000000028389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.837{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/fileutl.message.b0cUNU--- 154100x800000000000000028391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.839{ec2a2542-297b-6254-70d1-0d8484550000}3608/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297b-6254-ccef-29074c560000}3606/usr/bin/apt-getapt-getroot 23542300x800000000000000028390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.839{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/fileutl.message.rrlU7O--- 534500x800000000000000028392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:31.842{ec2a2542-297b-6254-70d1-0d8484550000}3608/usr/bin/dpkgroot 154100x800000000000000028393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.253{ec2a2542-297c-6254-68b2-61e60e560000}3609/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297b-6254-ccef-29074c560000}3606/usr/bin/apt-getapt-getroot 154100x800000000000000028401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.255{ec2a2542-297c-6254-e414-a05b40560000}3610/snap/snapd/15177/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297c-6254-68b2-61e60e560000}3609/bin/dash/bin/shroot 154100x800000000000000028394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.255{ec2a2542-297c-6254-70c8-b78035560000}3610/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297c-6254-68b2-61e60e560000}3609/bin/dash/bin/shroot 534500x800000000000000028400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.268{ec2a2542-297c-6254-70c8-b78035560000}3610/usr/bin/snaproot 534500x800000000000000028398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.268{ec2a2542-297c-6254-70c8-b78035560000}3610/usr/bin/snaproot 534500x800000000000000028397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.268{ec2a2542-297c-6254-70c8-b78035560000}3610/usr/bin/snaproot 534500x800000000000000028395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.268{ec2a2542-297c-6254-70c8-b78035560000}3610/usr/bin/snaproot 534500x800000000000000028399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.269{ec2a2542-297c-6254-70c8-b78035560000}3610/usr/bin/snaproot 534500x800000000000000028396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.269{ec2a2542-297c-6254-70c8-b78035560000}3610/usr/bin/snaproot 534500x800000000000000028407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.289{ec2a2542-297c-6254-e414-a05b40560000}3610/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.289{ec2a2542-297c-6254-e414-a05b40560000}3610/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.289{ec2a2542-297c-6254-e414-a05b40560000}3610/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.289{ec2a2542-297c-6254-e414-a05b40560000}3610/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.289{ec2a2542-297c-6254-e414-a05b40560000}3610/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.289{ec2a2542-297c-6254-70c8-b78035560000}3610/usr/bin/snaproot 534500x800000000000000028409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.291{ec2a2542-297c-6254-68b2-61e60e560000}3609/bin/dashroot 534500x800000000000000028408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.291{ec2a2542-297c-6254-e414-a05b40560000}3610/snap/snapd/15177/usr/bin/snaproot 154100x800000000000000028410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.292{ec2a2542-297c-6254-6822-7d1b8a550000}3624/bin/dash-----sh -c [ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke || true/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}3623--- 154100x800000000000000028411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.293{ec2a2542-297c-6254-ea7e-5b933f560000}3625/usr/lib/ubuntu-advantage/apt-esm-hook-----/usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297c-6254-6822-7d1b8a550000}3624/bin/dashshroot 534500x800000000000000028414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.297{ec2a2542-297b-6254-0000-000000000000}3623-root 534500x800000000000000028413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.297{ec2a2542-297c-6254-6822-7d1b8a550000}3624/bin/dashroot 534500x800000000000000028412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.297{ec2a2542-297c-6254-ea7e-5b933f560000}3625/usr/lib/ubuntu-advantage/apt-esm-hookroot 154100x800000000000000028415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.315{ec2a2542-297c-6254-b9d3-5b2816560000}3626/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297b-6254-ccef-29074c560000}3606/usr/bin/apt-getapt-getroot 534500x800000000000000028416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.321{ec2a2542-297c-6254-b9d3-5b2816560000}3626/usr/lib/apt/methods/httproot 154100x800000000000000028417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.440{ec2a2542-297c-6254-68f2-b90ea2550000}3627/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297b-6254-ccef-29074c560000}3606/usr/bin/apt-getapt-getroot 154100x800000000000000028425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.441{ec2a2542-297c-6254-e414-d0be3f560000}3628/snap/snapd/15177/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297c-6254-68f2-b90ea2550000}3627/bin/dash/bin/shroot 154100x800000000000000028418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.441{ec2a2542-297c-6254-7058-52ecc5550000}3628/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297c-6254-68f2-b90ea2550000}3627/bin/dash/bin/shroot 534500x800000000000000028424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.455{ec2a2542-297c-6254-7058-52ecc5550000}3628/usr/bin/snaproot 534500x800000000000000028423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.455{ec2a2542-297c-6254-7058-52ecc5550000}3628/usr/bin/snaproot 534500x800000000000000028422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.455{ec2a2542-297c-6254-7058-52ecc5550000}3628/usr/bin/snaproot 534500x800000000000000028421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.455{ec2a2542-297c-6254-7058-52ecc5550000}3628/usr/bin/snaproot 534500x800000000000000028420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.455{ec2a2542-297c-6254-7058-52ecc5550000}3628/usr/bin/snaproot 534500x800000000000000028419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.455{ec2a2542-297c-6254-7058-52ecc5550000}3628/usr/bin/snaproot 534500x800000000000000028432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.478{ec2a2542-297c-6254-e414-d0be3f560000}3628/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.478{ec2a2542-297c-6254-e414-d0be3f560000}3628/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.478{ec2a2542-297c-6254-e414-d0be3f560000}3628/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.478{ec2a2542-297c-6254-e414-d0be3f560000}3628/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.478{ec2a2542-297c-6254-e414-d0be3f560000}3628/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.478{ec2a2542-297c-6254-e414-d0be3f560000}3628/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.478{ec2a2542-297c-6254-7058-52ecc5550000}3628/usr/bin/snaproot 534500x800000000000000028434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.479{ec2a2542-297c-6254-68f2-b90ea2550000}3627/bin/dashroot 534500x800000000000000028433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.479{ec2a2542-297c-6254-e414-d0be3f560000}3628/snap/snapd/15177/usr/bin/snaproot 154100x800000000000000028435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.491{ec2a2542-297c-6254-68f2-f5bce1550000}3642/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297b-6254-ccef-29074c560000}3606/usr/bin/apt-getapt-getroot 154100x800000000000000028444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.493{ec2a2542-297c-6254-e4a4-5492a2550000}3643/snap/snapd/15177/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297c-6254-68f2-f5bce1550000}3642/bin/dash/bin/shroot 154100x800000000000000028436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.493{ec2a2542-297c-6254-70f8-066fff550000}3643/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297c-6254-68f2-f5bce1550000}3642/bin/dash/bin/shroot 534500x800000000000000028443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.513{ec2a2542-297c-6254-70f8-066fff550000}3643/usr/bin/snaproot 534500x800000000000000028442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.513{ec2a2542-297c-6254-70f8-066fff550000}3643/usr/bin/snaproot 534500x800000000000000028441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.513{ec2a2542-297c-6254-70f8-066fff550000}3643/usr/bin/snaproot 534500x800000000000000028440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.513{ec2a2542-297c-6254-70f8-066fff550000}3643/usr/bin/snaproot 534500x800000000000000028439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.513{ec2a2542-297c-6254-70f8-066fff550000}3643/usr/bin/snaproot 534500x800000000000000028438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.513{ec2a2542-297c-6254-70f8-066fff550000}3643/usr/bin/snaproot 534500x800000000000000028437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.513{ec2a2542-297c-6254-70f8-066fff550000}3643/usr/bin/snaproot 534500x800000000000000028451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.538{ec2a2542-297c-6254-e4a4-5492a2550000}3643/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.538{ec2a2542-297c-6254-e4a4-5492a2550000}3643/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.538{ec2a2542-297c-6254-e4a4-5492a2550000}3643/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.538{ec2a2542-297c-6254-e4a4-5492a2550000}3643/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.538{ec2a2542-297c-6254-e4a4-5492a2550000}3643/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.538{ec2a2542-297c-6254-e4a4-5492a2550000}3643/snap/snapd/15177/usr/bin/snaproot 534500x800000000000000028445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.538{ec2a2542-297c-6254-70f8-066fff550000}3643/usr/bin/snaproot 534500x800000000000000028453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.539{ec2a2542-297c-6254-68f2-f5bce1550000}3642/bin/dashroot 534500x800000000000000028452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.539{ec2a2542-297c-6254-e4a4-5492a2550000}3643/snap/snapd/15177/usr/bin/snaproot 23542300x800000000000000028467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.540{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.pzfxrY--- 23542300x800000000000000028466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.540{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.HqFNc2--- 23542300x800000000000000028465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.540{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.Xgv4X5--- 23542300x800000000000000028464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.540{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.3NMlJ9--- 23542300x800000000000000028463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.540{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.5muDud--- 23542300x800000000000000028462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.540{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.PEzVfh--- 23542300x800000000000000028461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.540{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.P64d1k--- 23542300x800000000000000028460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.540{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.Rq2wMo--- 23542300x800000000000000028459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.540{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.L1pQxs--- 23542300x800000000000000028458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.540{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.Nsgajw--- 23542300x800000000000000028457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.540{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.pvyu4z--- 23542300x800000000000000028456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.540{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.PukPPD--- 23542300x800000000000000028455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.540{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.tt1aBH--- 23542300x800000000000000028454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.540{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.FycxmL--- 23542300x800000000000000028492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.JEj6ps--- 23542300x800000000000000028491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.defcbw--- 23542300x800000000000000028490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.5DziWz--- 23542300x800000000000000028489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.xIjpHD--- 23542300x800000000000000028488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.tguwsH--- 23542300x800000000000000028487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.Lh4DdL--- 23542300x800000000000000028486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.ZB5LYO--- 23542300x800000000000000028485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.fxwUJS--- 23542300x800000000000000028484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.3Sn3uW--- 23542300x800000000000000028483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.D8Gcg0--- 23542300x800000000000000028482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.Nbrm13--- 23542300x800000000000000028481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.DGAwM7--- 23542300x800000000000000028480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.X8aHxb--- 23542300x800000000000000028479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.9PbSif--- 23542300x800000000000000028478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.lWC33i--- 23542300x800000000000000028477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.ZhvfPm--- 23542300x800000000000000028476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.NMMrAq--- 23542300x800000000000000028475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.zVtElu--- 23542300x800000000000000028474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.1ECR6x--- 23542300x800000000000000028473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.tfb5RB--- 23542300x800000000000000028472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.xE8iDF--- 23542300x800000000000000028471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.ZJvxoJ--- 23542300x800000000000000028470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.zikM9M--- 23542300x800000000000000028469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.zYy1UQ--- 23542300x800000000000000028468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.541{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.dMchGU--- 23542300x800000000000000028511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.x9fS0i--- 23542300x800000000000000028510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.ZJSNLm--- 23542300x800000000000000028509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.LgVJwq--- 23542300x800000000000000028508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.3HoGhu--- 23542300x800000000000000028507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.NigD2x--- 23542300x800000000000000028506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.9BxANB--- 23542300x800000000000000028505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.T0ezyF--- 23542300x800000000000000028504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.t1lyjJ--- 23542300x800000000000000028503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.fEey4M--- 23542300x800000000000000028502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.3zvyPQ--- 23542300x800000000000000028501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.XsazAU--- 23542300x800000000000000028500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.7LhAlY--- 23542300x800000000000000028499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.BurC61--- 23542300x800000000000000028498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.11tFR5--- 23542300x800000000000000028497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.BGVIC9--- 23542300x800000000000000028496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.TjNMnd--- 23542300x800000000000000028495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.Po3Q8g--- 23542300x800000000000000028494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.zlIVTk--- 23542300x800000000000000028493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.542{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.fqO0Eo--- 23542300x800000000000000028531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.zsX8T5--- 23542300x800000000000000028530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.vJaUE9--- 23542300x800000000000000028529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.RMMFpd--- 23542300x800000000000000028528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.JvYrah--- 23542300x800000000000000028527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.bMJeVk--- 23542300x800000000000000028526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.pPU1Fo--- 23542300x800000000000000028525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.pjvPqs--- 23542300x800000000000000028524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.vMuDbw--- 23542300x800000000000000028523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.nKVrWz--- 23542300x800000000000000028522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.lbKgHD--- 23542300x800000000000000028521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.dgY5rH--- 23542300x800000000000000028520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.JwCVcL--- 23542300x800000000000000028519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.9nGLXO--- 23542300x800000000000000028518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.t98BIS--- 23542300x800000000000000028517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.DF0stW--- 23542300x800000000000000028516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.b8jke0--- 23542300x800000000000000028515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.FrSdZ3--- 23542300x800000000000000028514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.dVP7J7--- 23542300x800000000000000028513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.Hue2ub--- 23542300x800000000000000028512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.543{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.hG2Wff--- 23542300x800000000000000028554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.TaoIAH--- 23542300x800000000000000028553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.NH9ilL--- 23542300x800000000000000028552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.BbnU5O--- 23542300x800000000000000028551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.RiZvQS--- 23542300x800000000000000028550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.pD37AW--- 23542300x800000000000000028549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.vpyKl0--- 23542300x800000000000000028548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.DOtn63--- 23542300x800000000000000028547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.V3Q0Q7--- 23542300x800000000000000028546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.xhFEBb--- 23542300x800000000000000028545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.rJTimf--- 23542300x800000000000000028544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.nQxX6i--- 23542300x800000000000000028543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.LzDCRm--- 23542300x800000000000000028542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.d99hCq--- 23542300x800000000000000028541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.dP6Xmu--- 23542300x800000000000000028540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.jVtE7x--- 23542300x800000000000000028539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.3nilSB--- 23542300x800000000000000028538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.5hx2CF--- 23542300x800000000000000028537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.1tcKnJ--- 23542300x800000000000000028536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.LDjs8M--- 23542300x800000000000000028535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.z9SaTQ--- 23542300x800000000000000028534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.FQUTDU--- 23542300x800000000000000028533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.hHODoY--- 23542300x800000000000000028532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.544{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.PWao91--- 23542300x800000000000000028573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.FRLWky--- 23542300x800000000000000028572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.nqno5B--- 23542300x800000000000000028571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.RmpQPF--- 23542300x800000000000000028570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.xuSiAJ--- 23542300x800000000000000028569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.jyLLkN--- 23542300x800000000000000028568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.Nj5e5Q--- 23542300x800000000000000028567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.tcRIPU--- 23542300x800000000000000028566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.tY2cAY--- 23542300x800000000000000028565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.rEGHk2--- 23542300x800000000000000028564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.NQMc55--- 23542300x800000000000000028563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.PnnIP9--- 23542300x800000000000000028562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.HaYeAd--- 23542300x800000000000000028561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.vUXLkh--- 23542300x800000000000000028560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.Rspj5k--- 23542300x800000000000000028559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.LxgRPo--- 23542300x800000000000000028558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.5uHpAs--- 23542300x800000000000000028557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.JOIYkw--- 23542300x800000000000000028556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.7gby5z--- 23542300x800000000000000028555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.545{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.xD57PD--- 154100x800000000000000028574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.547{ec2a2542-297c-6254-b9c3-080350560000}3658/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297b-6254-ccef-29074c560000}3606/usr/bin/apt-getapt-getroot 354300x800000000000000028576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.555{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-52033- 354300x800000000000000028575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.555{ec2a2542-297c-6254-b9c3-080350560000}3658/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-52033-false127.0.0.53-53- 354300x800000000000000028578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.556{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-52280- 354300x800000000000000028577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.556{ec2a2542-297c-6254-b9c3-080350560000}3658/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-52280-false127.0.0.53-53- 354300x800000000000000028579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.557{ec2a2542-297c-6254-b9c3-080350560000}3658/usr/lib/apt/methods/httproottcptruefalse10.0.1.20-50796-false52.15.102.108-80- 354300x800000000000000028580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:32.807{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54744-false10.0.1.12-8000- 23542300x800000000000000028582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.428{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/var/log/apt/eipp.log.xz--- 534500x800000000000000028581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.428{ec2a2542-297c-6254-b9c3-080350560000}3658/usr/lib/apt/methods/http_apt 154100x800000000000000028583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.530{ec2a2542-297e-6254-68c2-94376e550000}3659/bin/dash-----/bin/sh -c /usr/sbin/dpkg-preconfigure --apt || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297b-6254-ccef-29074c560000}3606/usr/bin/apt-getapt-getroot 154100x800000000000000028584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.532{ec2a2542-297e-6254-98b7-f1ebba550000}3660/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/dpkg-preconfigure --apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-68c2-94376e550000}3659/bin/dash/bin/shroot 154100x800000000000000028585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.563{ec2a2542-297e-6254-30e0-352c9d550000}3661/usr/bin/locale-----locale charmap/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-98b7-f1ebba550000}3660/usr/bin/perl/usr/bin/perlroot 534500x800000000000000028586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.564{ec2a2542-297e-6254-30e0-352c9d550000}3661/usr/bin/localeroot 154100x800000000000000028587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.622{ec2a2542-297e-6254-6842-121727560000}3662/bin/dash-----sh -c stty -a 2>/dev/null/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-98b7-f1ebba550000}3660/usr/bin/perl/usr/bin/perlroot 154100x800000000000000028588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.623{ec2a2542-297e-6254-f09e-ac7447560000}3663/bin/stty-----stty -a/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-6842-121727560000}3662/bin/dashshroot 534500x800000000000000028590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.624{ec2a2542-297e-6254-6842-121727560000}3662/bin/dashroot 534500x800000000000000028589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.624{ec2a2542-297e-6254-f09e-ac7447560000}3663/bin/sttyroot 154100x800000000000000028591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.625{ec2a2542-297e-6254-6852-631783550000}3664/bin/dash-----sh -c stty -a 2>/dev/null/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-98b7-f1ebba550000}3660/usr/bin/perl/usr/bin/perlroot 534500x800000000000000028594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.626{ec2a2542-297e-6254-6852-631783550000}3664/bin/dashroot 534500x800000000000000028593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.626{ec2a2542-297e-6254-f01e-1622b2550000}3665/bin/sttyroot 154100x800000000000000028592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.626{ec2a2542-297e-6254-f01e-1622b2550000}3665/bin/stty-----stty -a/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-6852-631783550000}3664/bin/dashshroot 154100x800000000000000028595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.628{ec2a2542-297e-6254-33d1-f63b46560000}3667/usr/bin/apt-extracttemplates-----apt-extracttemplates /var/cache/apt/archives/fonts-dejavu-core_2.37-1_all.deb /var/cache/apt/archives/fontconfig-config_2.12.6-0ubuntu2_all.deb /var/cache/apt/archives/libfontconfig1_2.12.6-0ubuntu2_amd64.deb /var/cache/apt/archives/fontconfig_2.12.6-0ubuntu2_amd64.deb /var/cache/apt/archives/libjpeg-turbo8_1.5.2-0ubuntu5.18.04.4_amd64.deb /var/cache/apt/archives/libogg0_1.3.2-1_amd64.deb /var/cache/apt/archives/libiscsi7_1.17.0-1.1_amd64.deb /var/cache/apt/archives/libnl-3-200_3.2.29-0ubuntu3_amd64.deb /var/cache/apt/archives/libnl-route-3-200_3.2.29-0ubuntu3_amd64.deb /var/cache/apt/archives/libibverbs1_17.1-1ubuntu0.2_amd64.deb /var/cache/apt/archives/libnspr4_2%3a4.18-1ubuntu1_amd64.deb /var/cache/apt/archives/libnss3_2%3a3.35-2ubuntu2.13_amd64.deb /var/cache/apt/archives/librados2_12.2.13-0ubuntu0.18.04.10_amd64.deb /var/cache/apt/archives/librbd1_12.2.13-0ubuntu0.18.04.10_amd64.deb /var/cache/apt/archives/qemu-block-extra_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/cache/apt/archives/qemu-system-common_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/cache/apt/archives/binfmt-support_2.1.8-2_amd64.deb /var/cache/apt/archives/msr-tools_1.3-2build1_amd64.deb /var/cache/apt/archives/cpu-checker_0.7-0ubuntu7_amd64.deb /var/cache/apt/archives/libdconf1_0.26.0-2ubuntu3_amd64.deb /var/cache/apt/archives/dconf-service_0.26.0-2ubuntu3_amd64.deb /var/cache/apt/archives/dconf-gsettings-backend_0.26.0-2ubuntu3_amd64.deb /var/cache/apt/archives/libproxy1v5_0.4.15-1ubuntu0.2_amd64.deb /var/cache/apt/archives/glib-networking-common_2.56.0-1ubuntu0.1_all.deb /var/cache/apt/archives/glib-networking-services_2.56.0-1ubuntu0.1_amd64.deb /var/cache/apt/archives/gsettings-desktop-schemas_3.28.0-1ubuntu1_all.deb /var/cache/apt/archives/glib-networking_2.56.0-1ubuntu0.1_amd64.deb /var/cache/apt/archives/libcdparanoia0_3.10.2+debian-13_amd64.deb /var/cache/apt/archives/libgstreamer1.0-0_1.14.5-0ubuntu1~18.04.2_amd64.deb /var/cache/apt/archives/liborc-0.4-0_1%3a0.4.28-1_amd64.deb/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}3666--- 154100x800000000000000028596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.632{ec2a2542-297e-6254-7081-cfc096550000}3668/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-33d1-f63b46560000}3667/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 23542300x800000000000000028598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.635{ec2a2542-297e-6254-33d1-f63b46560000}3667root/usr/bin/apt-extracttemplates/tmp/fileutl.message.TZ9jff--- 534500x800000000000000028597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.635{ec2a2542-297e-6254-7081-cfc096550000}3668/usr/bin/dpkgroot 23542300x800000000000000028599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.640{ec2a2542-297e-6254-33d1-f63b46560000}3667root/usr/bin/apt-extracttemplates/tmp/fileutl.message.wlcfdh--- 23542300x800000000000000028600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.644{ec2a2542-297e-6254-33d1-f63b46560000}3667root/usr/bin/apt-extracttemplates/tmp/fileutl.message.pKMSbj--- 23542300x800000000000000028601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.646{ec2a2542-297e-6254-33d1-f63b46560000}3667root/usr/bin/apt-extracttemplates/tmp/fileutl.message.g0XLal--- 23542300x800000000000000028602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.647{ec2a2542-297e-6254-33d1-f63b46560000}3667root/usr/bin/apt-extracttemplates/tmp/fileutl.message.fhwU9m--- 23542300x800000000000000028603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.651{ec2a2542-297e-6254-33d1-f63b46560000}3667root/usr/bin/apt-extracttemplates/tmp/fileutl.message.aMoJ9o--- 23542300x800000000000000028604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.653{ec2a2542-297e-6254-33d1-f63b46560000}3667root/usr/bin/apt-extracttemplates/tmp/fileutl.message.xG4N9q--- 23542300x800000000000000028605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.657{ec2a2542-297e-6254-33d1-f63b46560000}3667root/usr/bin/apt-extracttemplates/tmp/fileutl.message.Ajmzat--- 23542300x800000000000000028606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.658{ec2a2542-297e-6254-33d1-f63b46560000}3667root/usr/bin/apt-extracttemplates/tmp/fileutl.message.jL7zbv--- 23542300x800000000000000028607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.659{ec2a2542-297e-6254-33d1-f63b46560000}3667root/usr/bin/apt-extracttemplates/tmp/fileutl.message.clKNcx--- 23542300x800000000000000028608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.661{ec2a2542-297e-6254-33d1-f63b46560000}3667root/usr/bin/apt-extracttemplates/tmp/fileutl.message.bLveez--- 23542300x800000000000000028609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.662{ec2a2542-297e-6254-33d1-f63b46560000}3667root/usr/bin/apt-extracttemplates/tmp/fileutl.message.uE6RfB--- 23542300x800000000000000028610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.663{ec2a2542-297e-6254-33d1-f63b46560000}3667root/usr/bin/apt-extracttemplates/tmp/fileutl.message.R0CIhD--- 23542300x800000000000000028611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.665{ec2a2542-297e-6254-33d1-f63b46560000}3667root/usr/bin/apt-extracttemplates/tmp/fileutl.message.CAXOjF--- 23542300x800000000000000028612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.666{ec2a2542-297e-6254-33d1-f63b46560000}3667root/usr/bin/apt-extracttemplates/tmp/fileutl.message.bSJamH--- 23542300x800000000000000028613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.668{ec2a2542-297e-6254-33d1-f63b46560000}3667root/usr/bin/apt-extracttemplates/tmp/fileutl.message.gQ5LoJ--- 23542300x800000000000000028614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.669{ec2a2542-297e-6254-33d1-f63b46560000}3667root/usr/bin/apt-extracttemplates/tmp/fileutl.message.lUfErL--- 154100x800000000000000028615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.670{ec2a2542-297e-6254-70d1-eb37aa550000}3669/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-33d1-f63b46560000}3667/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 534500x800000000000000028616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.672{ec2a2542-297e-6254-70d1-eb37aa550000}3669/usr/bin/dpkgroot 154100x800000000000000028617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.693{ec2a2542-297e-6254-7031-fd3e3b560000}3670/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-33d1-f63b46560000}3667/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 534500x800000000000000028618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.696{ec2a2542-297e-6254-7031-fd3e3b560000}3670/usr/bin/dpkgroot 534500x800000000000000028619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.734{ec2a2542-297e-6254-33d1-f63b46560000}3667/usr/bin/apt-extracttemplatesroot 154100x800000000000000028620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.735{ec2a2542-297e-6254-3381-aa2321560000}3671/usr/bin/apt-extracttemplates-----apt-extracttemplates /var/cache/apt/archives/libgstreamer-plugins-base1.0-0_1.14.5-0ubuntu1~18.04.3_amd64.deb /var/cache/apt/archives/libopus0_1.1.2-1ubuntu1_amd64.deb /var/cache/apt/archives/libpixman-1-0_0.34.0-2_amd64.deb /var/cache/apt/archives/libxcb-render0_1.13-2~ubuntu18.04_amd64.deb /var/cache/apt/archives/libxcb-shm0_1.13-2~ubuntu18.04_amd64.deb /var/cache/apt/archives/libxrender1_1%3a0.9.10-1_amd64.deb /var/cache/apt/archives/libcairo2_1.15.10-2ubuntu0.1_amd64.deb /var/cache/apt/archives/libtheora0_1.1.1+dfsg.1-14_amd64.deb /var/cache/apt/archives/libvisual-0.4-0_0.4.0-11_amd64.deb /var/cache/apt/archives/libvorbis0a_1.3.5-4.2_amd64.deb /var/cache/apt/archives/libvorbisenc2_1.3.5-4.2_amd64.deb /var/cache/apt/archives/gstreamer1.0-plugins-base_1.14.5-0ubuntu1~18.04.3_amd64.deb /var/cache/apt/archives/libaa1_1.4p5-44build2_amd64.deb /var/cache/apt/archives/libraw1394-11_2.1.2-1_amd64.deb /var/cache/apt/archives/libavc1394-0_0.5.4-4build1_amd64.deb /var/cache/apt/archives/libcaca0_0.99.beta19-2ubuntu0.18.04.3_amd64.deb /var/cache/apt/archives/libcairo-gobject2_1.15.10-2ubuntu0.1_amd64.deb /var/cache/apt/archives/libdv4_1.0.0-11_amd64.deb /var/cache/apt/archives/libflac8_1.3.2-1_amd64.deb /var/cache/apt/archives/libjpeg8_8c-2ubuntu8_amd64.deb /var/cache/apt/archives/libjbig0_2.1-3.1build1_amd64.deb /var/cache/apt/archives/libtiff5_4.0.9-5ubuntu0.4_amd64.deb /var/cache/apt/archives/libgdk-pixbuf2.0-common_2.36.11-2_all.deb /var/cache/apt/archives/libgdk-pixbuf2.0-0_2.36.11-2_amd64.deb /var/cache/apt/archives/libgstreamer-plugins-good1.0-0_1.14.5-0ubuntu1~18.04.2_amd64.deb /var/cache/apt/archives/libgudev-1.0-0_1%3a232-2_amd64.deb /var/cache/apt/archives/libiec61883-0_1.2.0-2_amd64.deb /var/cache/apt/archives/libsamplerate0_0.1.9-1_amd64.deb /var/cache/apt/archives/libjack-jackd2-0_1.9.12~dfsg-2_amd64.deb /var/cache/apt/archives/libmp3lame0_3.100-2_amd64.deb/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}3666--- 154100x800000000000000028621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.740{ec2a2542-297e-6254-7031-450001560000}3672/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-3381-aa2321560000}3671/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 23542300x800000000000000028623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.743{ec2a2542-297e-6254-3381-aa2321560000}3671root/usr/bin/apt-extracttemplates/tmp/fileutl.message.jIh61l--- 534500x800000000000000028622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.743{ec2a2542-297e-6254-7031-450001560000}3672/usr/bin/dpkgroot 23542300x800000000000000028624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.748{ec2a2542-297e-6254-3381-aa2321560000}3671root/usr/bin/apt-extracttemplates/tmp/fileutl.message.sq6hio--- 23542300x800000000000000028625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.752{ec2a2542-297e-6254-3381-aa2321560000}3671root/usr/bin/apt-extracttemplates/tmp/fileutl.message.BoZbzq--- 23542300x800000000000000028626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.754{ec2a2542-297e-6254-3381-aa2321560000}3671root/usr/bin/apt-extracttemplates/tmp/fileutl.message.2bmlQs--- 23542300x800000000000000028627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.755{ec2a2542-297e-6254-3381-aa2321560000}3671root/usr/bin/apt-extracttemplates/tmp/fileutl.message.pE7J7u--- 23542300x800000000000000028628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.759{ec2a2542-297e-6254-3381-aa2321560000}3671root/usr/bin/apt-extracttemplates/tmp/fileutl.message.sDROpx--- 23542300x800000000000000028629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.760{ec2a2542-297e-6254-3381-aa2321560000}3671root/usr/bin/apt-extracttemplates/tmp/fileutl.message.nWx9Hz--- 23542300x800000000000000028630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.765{ec2a2542-297e-6254-3381-aa2321560000}3671root/usr/bin/apt-extracttemplates/tmp/fileutl.message.0eUa1B--- 23542300x800000000000000028631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.766{ec2a2542-297e-6254-3381-aa2321560000}3671root/usr/bin/apt-extracttemplates/tmp/fileutl.message.XdbskE--- 23542300x800000000000000028632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.767{ec2a2542-297e-6254-3381-aa2321560000}3671root/usr/bin/apt-extracttemplates/tmp/fileutl.message.8HyWDG--- 23542300x800000000000000028633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.769{ec2a2542-297e-6254-3381-aa2321560000}3671root/usr/bin/apt-extracttemplates/tmp/fileutl.message.7EQEXI--- 23542300x800000000000000028634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.770{ec2a2542-297e-6254-3381-aa2321560000}3671root/usr/bin/apt-extracttemplates/tmp/fileutl.message.q74AhL--- 23542300x800000000000000028635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.771{ec2a2542-297e-6254-3381-aa2321560000}3671root/usr/bin/apt-extracttemplates/tmp/fileutl.message.F64KBN--- 23542300x800000000000000028636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.773{ec2a2542-297e-6254-3381-aa2321560000}3671root/usr/bin/apt-extracttemplates/tmp/fileutl.message.iIwbWP--- 23542300x800000000000000028637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.774{ec2a2542-297e-6254-3381-aa2321560000}3671root/usr/bin/apt-extracttemplates/tmp/fileutl.message.TRVRgS--- 23542300x800000000000000028638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.776{ec2a2542-297e-6254-3381-aa2321560000}3671root/usr/bin/apt-extracttemplates/tmp/fileutl.message.4F9OBU--- 154100x800000000000000028640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.778{ec2a2542-297e-6254-7061-eaa10a560000}3673/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-3381-aa2321560000}3671/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 23542300x800000000000000028639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.778{ec2a2542-297e-6254-3381-aa2321560000}3671root/usr/bin/apt-extracttemplates/tmp/fileutl.message.RGS3WW--- 534500x800000000000000028641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.782{ec2a2542-297e-6254-7061-eaa10a560000}3673/usr/bin/dpkgroot 154100x800000000000000028642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.803{ec2a2542-297e-6254-7011-647503560000}3674/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-3381-aa2321560000}3671/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 534500x800000000000000028643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.806{ec2a2542-297e-6254-7011-647503560000}3674/usr/bin/dpkgroot 534500x800000000000000028644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.832{ec2a2542-297e-6254-3381-aa2321560000}3671/usr/bin/apt-extracttemplatesroot 154100x800000000000000028645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.833{ec2a2542-297e-6254-3341-0f3043560000}3675/usr/bin/apt-extracttemplates-----apt-extracttemplates /var/cache/apt/archives/libmpg123-0_1.25.10-1_amd64.deb /var/cache/apt/archives/libspeex1_1.2~rc1.2-1ubuntu2.1_amd64.deb /var/cache/apt/archives/libshout3_2.4.1-2build1_amd64.deb /var/cache/apt/archives/libsoup2.4-1_2.62.1-1ubuntu0.4_amd64.deb /var/cache/apt/archives/libtag1v5-vanilla_1.11.1+dfsg.1-0.2build2_amd64.deb /var/cache/apt/archives/libtag1v5_1.11.1+dfsg.1-0.2build2_amd64.deb /var/cache/apt/archives/libtwolame0_0.3.13-3_amd64.deb /var/cache/apt/archives/libv4lconvert0_1.14.2-1_amd64.deb /var/cache/apt/archives/libv4l-0_1.14.2-1_amd64.deb /var/cache/apt/archives/libvpx5_1.7.0-3ubuntu0.18.04.1_amd64.deb /var/cache/apt/archives/libwavpack1_5.1.0-2ubuntu1.5_amd64.deb /var/cache/apt/archives/libxdamage1_1%3a1.1.4-3_amd64.deb /var/cache/apt/archives/libxfixes3_1%3a5.0.3-1_amd64.deb /var/cache/apt/archives/gstreamer1.0-plugins-good_1.14.5-0ubuntu1~18.04.2_amd64.deb /var/cache/apt/archives/libthai-data_0.1.27-2_all.deb /var/cache/apt/archives/libdatrie1_0.2.10-7_amd64.deb /var/cache/apt/archives/libthai0_0.1.27-2_amd64.deb /var/cache/apt/archives/libpango-1.0-0_1.40.14-1ubuntu0.1_amd64.deb /var/cache/apt/archives/libgraphite2-3_1.3.11-2_amd64.deb /var/cache/apt/archives/libharfbuzz0b_1.7.2-1ubuntu1_amd64.deb /var/cache/apt/archives/libpangoft2-1.0-0_1.40.14-1ubuntu0.1_amd64.deb /var/cache/apt/archives/libpangocairo-1.0-0_1.40.14-1ubuntu0.1_amd64.deb /var/cache/apt/archives/libxv1_2%3a1.0.11-1_amd64.deb /var/cache/apt/archives/gstreamer1.0-x_1.14.5-0ubuntu1~18.04.3_amd64.deb /var/cache/apt/archives/ibverbs-providers_17.1-1ubuntu0.2_amd64.deb /var/cache/apt/archives/ipxe-qemu_1.0.0+git-20180124.fbe8c52d-0ubuntu2.2_all.deb /var/cache/apt/archives/ipxe-qemu-256k-compat-efi-roms_1.0.0+git-20150424.a25a16d-0ubuntu2_all.deb /var/cache/apt/archives/libaio1_0.3.110-5ubuntu0.1_amd64.deb /var/cache/apt/archives/libasound2-data_1.1.3-5ubuntu0.6_all.deb /var/cache/apt/archives/libasound2_1.1.3-5ubuntu0.6_amd64.deb/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}3666--- 154100x800000000000000028646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.840{ec2a2542-297e-6254-7051-b89299550000}3676/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-3341-0f3043560000}3675/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 534500x800000000000000028647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.842{ec2a2542-297e-6254-7051-b89299550000}3676/usr/bin/dpkgroot 23542300x800000000000000028648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.843{ec2a2542-297e-6254-3341-0f3043560000}3675root/usr/bin/apt-extracttemplates/tmp/fileutl.message.BcLJpt--- 23542300x800000000000000028649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.851{ec2a2542-297e-6254-3341-0f3043560000}3675root/usr/bin/apt-extracttemplates/tmp/fileutl.message.CEZkXv--- 23542300x800000000000000028650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.857{ec2a2542-297e-6254-3341-0f3043560000}3675root/usr/bin/apt-extracttemplates/tmp/fileutl.message.dlt3vy--- 23542300x800000000000000028651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.859{ec2a2542-297e-6254-3341-0f3043560000}3675root/usr/bin/apt-extracttemplates/tmp/fileutl.message.Oho14A--- 23542300x800000000000000028652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.861{ec2a2542-297e-6254-3341-0f3043560000}3675root/usr/bin/apt-extracttemplates/tmp/fileutl.message.hrMkED--- 23542300x800000000000000028653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.865{ec2a2542-297e-6254-3341-0f3043560000}3675root/usr/bin/apt-extracttemplates/tmp/fileutl.message.QgZmeG--- 23542300x800000000000000028654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.870{ec2a2542-297e-6254-3341-0f3043560000}3675root/usr/bin/apt-extracttemplates/tmp/fileutl.message.L0I6OI--- 23542300x800000000000000028655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.876{ec2a2542-297e-6254-3341-0f3043560000}3675root/usr/bin/apt-extracttemplates/tmp/fileutl.message.gHRTqL--- 23542300x800000000000000028656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.877{ec2a2542-297e-6254-3341-0f3043560000}3675root/usr/bin/apt-extracttemplates/tmp/fileutl.message.T16X2N--- 23542300x800000000000000028657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.879{ec2a2542-297e-6254-3341-0f3043560000}3675root/usr/bin/apt-extracttemplates/tmp/fileutl.message.kj3gFQ--- 23542300x800000000000000028658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.880{ec2a2542-297e-6254-3341-0f3043560000}3675root/usr/bin/apt-extracttemplates/tmp/fileutl.message.9rvOhT--- 23542300x800000000000000028659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.881{ec2a2542-297e-6254-3341-0f3043560000}3675root/usr/bin/apt-extracttemplates/tmp/fileutl.message.UMMzUV--- 23542300x800000000000000028660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.883{ec2a2542-297e-6254-3341-0f3043560000}3675root/usr/bin/apt-extracttemplates/tmp/fileutl.message.dsPyxY--- 23542300x800000000000000028661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.884{ec2a2542-297e-6254-3341-0f3043560000}3675root/usr/bin/apt-extracttemplates/tmp/fileutl.message.4g8Ma1--- 23542300x800000000000000028662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.886{ec2a2542-297e-6254-3341-0f3043560000}3675root/usr/bin/apt-extracttemplates/tmp/fileutl.message.PftjO3--- 23542300x800000000000000028663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.887{ec2a2542-297e-6254-3341-0f3043560000}3675root/usr/bin/apt-extracttemplates/tmp/fileutl.message.Cbl7r6--- 23542300x800000000000000028664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.889{ec2a2542-297e-6254-3341-0f3043560000}3675root/usr/bin/apt-extracttemplates/tmp/fileutl.message.pVIc68--- 154100x800000000000000028665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.890{ec2a2542-297e-6254-7001-85dcb3550000}3677/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-3341-0f3043560000}3675/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 534500x800000000000000028666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.892{ec2a2542-297e-6254-7001-85dcb3550000}3677/usr/bin/dpkgroot 154100x800000000000000028667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.925{ec2a2542-297e-6254-7011-82b7f4550000}3678/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-3341-0f3043560000}3675/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 534500x800000000000000028668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.927{ec2a2542-297e-6254-7011-82b7f4550000}3678/usr/bin/dpkgroot 534500x800000000000000028669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.962{ec2a2542-297e-6254-3341-0f3043560000}3675/usr/bin/apt-extracttemplatesroot 154100x800000000000000028670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.963{ec2a2542-297e-6254-33c1-057d1b560000}3679/usr/bin/apt-extracttemplates-----apt-extracttemplates /var/cache/apt/archives/libasyncns0_0.8-6_amd64.deb /var/cache/apt/archives/libbluetooth3_5.48-0ubuntu3.8_amd64.deb /var/cache/apt/archives/libcacard0_1%3a2.5.0-3_amd64.deb /var/cache/apt/archives/libgdk-pixbuf2.0-bin_2.36.11-2_amd64.deb /var/cache/apt/archives/libsndfile1_1.0.28-4ubuntu0.18.04.2_amd64.deb /var/cache/apt/archives/libpulse0_1%3a11.1-1ubuntu7.11_amd64.deb /var/cache/apt/archives/libsdl1.2debian_1.2.15+dfsg2-0.1ubuntu0.1_amd64.deb /var/cache/apt/archives/libspice-server1_0.14.0-1ubuntu2.5_amd64.deb /var/cache/apt/archives/libusbredirparser1_0.7.1-1_amd64.deb /var/cache/apt/archives/libxenstore3.0_4.9.2-0ubuntu1_amd64.deb /var/cache/apt/archives/libyajl2_2.1.0-2build1_amd64.deb /var/cache/apt/archives/libxen-4.9_4.9.2-0ubuntu1_amd64.deb /var/cache/apt/archives/libbrlapi0.6_5.5-4ubuntu2.0.1_amd64.deb /var/cache/apt/archives/libfdt1_1.4.5-3_amd64.deb /var/cache/apt/archives/librdmacm1_17.1-1ubuntu0.2_amd64.deb /var/cache/apt/archives/qemu-system-arm_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/cache/apt/archives/qemu-system-mips_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/cache/apt/archives/qemu-slof_20170724+dfsg-1ubuntu1_all.deb /var/cache/apt/archives/qemu-system-ppc_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/cache/apt/archives/qemu-system-sparc_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/cache/apt/archives/seabios_1.10.2-1ubuntu1_all.deb /var/cache/apt/archives/qemu-system-x86_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/cache/apt/archives/qemu-system-s390x_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/cache/apt/archives/qemu-system-misc_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/cache/apt/archives/qemu-system_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/cache/apt/archives/qemu-user_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/cache/apt/archives/qemu-utils_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/cache/apt/archives/qemu_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/cache/apt/archives/qemu-user-static_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/cache/apt/archives/sharutils_1%3a4.15.2-3_amd64.deb/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}3666--- 154100x800000000000000028671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.968{ec2a2542-297e-6254-70b1-ff9ce6550000}3680/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-33c1-057d1b560000}3679/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 534500x800000000000000028672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.970{ec2a2542-297e-6254-70b1-ff9ce6550000}3680/usr/bin/dpkgroot 23542300x800000000000000028673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.971{ec2a2542-297e-6254-33c1-057d1b560000}3679root/usr/bin/apt-extracttemplates/tmp/fileutl.message.5Ij8ZC--- 23542300x800000000000000028674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.976{ec2a2542-297e-6254-33c1-057d1b560000}3679root/usr/bin/apt-extracttemplates/tmp/fileutl.message.Y4fZSF--- 23542300x800000000000000028675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.981{ec2a2542-297e-6254-33c1-057d1b560000}3679root/usr/bin/apt-extracttemplates/tmp/fileutl.message.nlYHMI--- 23542300x800000000000000028676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.983{ec2a2542-297e-6254-33c1-057d1b560000}3679root/usr/bin/apt-extracttemplates/tmp/fileutl.message.y1zIGL--- 23542300x800000000000000028677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.985{ec2a2542-297e-6254-33c1-057d1b560000}3679root/usr/bin/apt-extracttemplates/tmp/fileutl.message.3rI1AO--- 23542300x800000000000000028678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.990{ec2a2542-297e-6254-33c1-057d1b560000}3679root/usr/bin/apt-extracttemplates/tmp/fileutl.message.Y8u9vR--- 23542300x800000000000000028679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.992{ec2a2542-297e-6254-33c1-057d1b560000}3679root/usr/bin/apt-extracttemplates/tmp/fileutl.message.72lCrU--- 23542300x800000000000000028680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.997{ec2a2542-297e-6254-33c1-057d1b560000}3679root/usr/bin/apt-extracttemplates/tmp/fileutl.message.YPTVnX--- 23542300x800000000000000028681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:34.998{ec2a2542-297e-6254-33c1-057d1b560000}3679root/usr/bin/apt-extracttemplates/tmp/fileutl.message.VShwk0--- 23542300x800000000000000028682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.000{ec2a2542-297e-6254-33c1-057d1b560000}3679root/usr/bin/apt-extracttemplates/tmp/fileutl.message.argkh3--- 23542300x800000000000000028683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.001{ec2a2542-297e-6254-33c1-057d1b560000}3679root/usr/bin/apt-extracttemplates/tmp/fileutl.message.hmUne6--- 23542300x800000000000000028684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.002{ec2a2542-297e-6254-33c1-057d1b560000}3679root/usr/bin/apt-extracttemplates/tmp/fileutl.message.mUVEb9--- 23542300x800000000000000028685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.004{ec2a2542-297e-6254-33c1-057d1b560000}3679root/usr/bin/apt-extracttemplates/tmp/fileutl.message.D4Pc9b--- 23542300x800000000000000028686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.006{ec2a2542-297e-6254-33c1-057d1b560000}3679root/usr/bin/apt-extracttemplates/tmp/fileutl.message.m8X46e--- 23542300x800000000000000028687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.008{ec2a2542-297e-6254-33c1-057d1b560000}3679root/usr/bin/apt-extracttemplates/tmp/fileutl.message.txRf5h--- 23542300x800000000000000028688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.009{ec2a2542-297e-6254-33c1-057d1b560000}3679root/usr/bin/apt-extracttemplates/tmp/fileutl.message.aD9H3k--- 23542300x800000000000000028689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.011{ec2a2542-297e-6254-33c1-057d1b560000}3679root/usr/bin/apt-extracttemplates/tmp/fileutl.message.TP7t2n--- 154100x800000000000000028690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.012{ec2a2542-297f-6254-70d1-62f993550000}3681/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-33c1-057d1b560000}3679/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 534500x800000000000000028691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.014{ec2a2542-297f-6254-70d1-62f993550000}3681/usr/bin/dpkgroot 154100x800000000000000028692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.040{ec2a2542-297f-6254-7081-4f0395550000}3682/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297e-6254-33c1-057d1b560000}3679/usr/bin/apt-extracttemplatesapt-extracttemplatesroot 534500x800000000000000028693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.042{ec2a2542-297f-6254-7081-4f0395550000}3682/usr/bin/dpkgroot 534500x800000000000000028694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.073{ec2a2542-297e-6254-33c1-057d1b560000}3679/usr/bin/apt-extracttemplatesroot 534500x800000000000000028695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.081{ec2a2542-297e-6254-0000-000000000000}3666-root 534500x800000000000000028697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.087{ec2a2542-297e-6254-68c2-94376e550000}3659/bin/dashroot 534500x800000000000000028696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.087{ec2a2542-297e-6254-98b7-f1ebba550000}3660/usr/bin/perlroot 154100x800000000000000028698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.111{ec2a2542-297f-6254-70c1-d0cc15560000}3683/usr/bin/dpkg-----/usr/bin/dpkg --assert-multi-arch/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-297b-6254-ccef-29074c560000}3606/usr/bin/apt-getapt-getroot 534500x800000000000000028699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.121{ec2a2542-297f-6254-70c1-d0cc15560000}3683/usr/bin/dpkgroot 154100x800000000000000028700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.124{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg-----/usr/bin/dpkg --status-fd 43 --no-triggers --unpack --auto-deconfigure --recursive /tmp/apt-dpkg-install-7NsVNE/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297b-6254-ccef-29074c560000}3606/usr/bin/apt-getapt-getroot 154100x800000000000000028701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.136{ec2a2542-297f-6254-d88f-090d7c550000}3685/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/000-fonts-dejavu-core_2.37-1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.137{ec2a2542-297f-6254-40fa-7710ec550000}3686/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/000-fonts-dejavu-core_2.37-1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.137{ec2a2542-297f-6254-d88f-090d7c550000}3685/usr/bin/dpkg-splitroot 154100x800000000000000028706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.139{ec2a2542-297f-6254-b0f3-5927c0550000}3689/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-40fa-7710ec550000}3686/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.139{ec2a2542-297f-6254-0000-000000000000}3688-root 534500x800000000000000028704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.139{ec2a2542-297f-6254-0000-000000000000}3687-root 534500x800000000000000028708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.141{ec2a2542-297f-6254-40fa-7710ec550000}3686/usr/bin/dpkg-debroot 534500x800000000000000028707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.141{ec2a2542-297f-6254-b0f3-5927c0550000}3689/bin/tarroot 154100x800000000000000028709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.195{ec2a2542-297f-6254-40aa-8011b4550000}3690/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/000-fonts-dejavu-core_2.37-1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.295{ec2a2542-297f-6254-0000-000000000000}3691-root 534500x800000000000000028712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.301{ec2a2542-297f-6254-40aa-8011b4550000}3690/usr/bin/dpkg-debroot 534500x800000000000000028711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.301{ec2a2542-297f-6254-0000-000000000000}3692-root 154100x800000000000000028713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.321{ec2a2542-297f-6254-7033-84bf26560000}3693/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.323{ec2a2542-297f-6254-d81f-cef858550000}3694/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/001-fontconfig-config_2.12.6-0ubuntu2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.323{ec2a2542-297f-6254-7033-84bf26560000}3693/bin/rmroot 23542300x800000000000000028714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.323{ec2a2542-297f-6254-7033-84bf26560000}3693root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000028718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.324{ec2a2542-297f-6254-408a-f7c550560000}3695/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/001-fontconfig-config_2.12.6-0ubuntu2_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.324{ec2a2542-297f-6254-d81f-cef858550000}3694/usr/bin/dpkg-splitroot 154100x800000000000000028720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.326{ec2a2542-297f-6254-b033-ad9360550000}3698/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-408a-f7c550560000}3695/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.326{ec2a2542-297f-6254-0000-000000000000}3696-root 534500x800000000000000028721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.328{ec2a2542-297f-6254-0000-000000000000}3697-root 534500x800000000000000028723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.329{ec2a2542-297f-6254-408a-f7c550560000}3695/usr/bin/dpkg-debroot 534500x800000000000000028722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.329{ec2a2542-297f-6254-b033-ad9360550000}3698/bin/tarroot 154100x800000000000000028724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.350{ec2a2542-297f-6254-408a-190197550000}3699/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/001-fontconfig-config_2.12.6-0ubuntu2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.352{ec2a2542-297f-6254-0000-000000000000}3700-root 534500x800000000000000028727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.362{ec2a2542-297f-6254-408a-190197550000}3699/usr/bin/dpkg-debroot 534500x800000000000000028726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.362{00000000-0000-0000-0000-000000000000}3701<unknown process>root 154100x800000000000000028728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.384{ec2a2542-297f-6254-7063-4fa167550000}3702/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.385{ec2a2542-297f-6254-d80f-12d4f1550000}3703/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/002-libfontconfig1_2.12.6-0ubuntu2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.385{ec2a2542-297f-6254-7063-4fa167550000}3702/bin/rmroot 23542300x800000000000000028729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.385{ec2a2542-297f-6254-7063-4fa167550000}3702root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000028733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.387{ec2a2542-297f-6254-40ea-663187550000}3704/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/002-libfontconfig1_2.12.6-0ubuntu2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.387{ec2a2542-297f-6254-d80f-12d4f1550000}3703/usr/bin/dpkg-splitroot 154100x800000000000000028735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.389{ec2a2542-297f-6254-b053-5d4533560000}3707/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-40ea-663187550000}3704/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.389{ec2a2542-297f-6254-0000-000000000000}3705-root 534500x800000000000000028736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.390{ec2a2542-297f-6254-0000-000000000000}3706-root 534500x800000000000000028738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.391{ec2a2542-297f-6254-40ea-663187550000}3704/usr/bin/dpkg-debroot 534500x800000000000000028737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.391{ec2a2542-297f-6254-b053-5d4533560000}3707/bin/tarroot 154100x800000000000000028739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.412{ec2a2542-297f-6254-400a-139fc5550000}3708/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/002-libfontconfig1_2.12.6-0ubuntu2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.421{ec2a2542-297f-6254-0000-000000000000}3709-root 534500x800000000000000028742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.429{ec2a2542-297f-6254-400a-139fc5550000}3708/usr/bin/dpkg-debroot 534500x800000000000000028741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.429{00000000-0000-0000-0000-000000000000}3710<unknown process>root 154100x800000000000000028743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.482{ec2a2542-297f-6254-7043-393e4e560000}3711/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.484{ec2a2542-297f-6254-d87f-03f84a560000}3712/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/003-fontconfig_2.12.6-0ubuntu2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.484{ec2a2542-297f-6254-7043-393e4e560000}3711/bin/rmroot 23542300x800000000000000028744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.484{ec2a2542-297f-6254-7043-393e4e560000}3711root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000028748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.485{ec2a2542-297f-6254-408a-b38ae6550000}3713/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/003-fontconfig_2.12.6-0ubuntu2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.485{ec2a2542-297f-6254-d87f-03f84a560000}3712/usr/bin/dpkg-splitroot 154100x800000000000000028750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.487{ec2a2542-297f-6254-b0b3-912b35560000}3716/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-408a-b38ae6550000}3713/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.487{ec2a2542-297f-6254-0000-000000000000}3714-root 534500x800000000000000028751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.489{ec2a2542-297f-6254-0000-000000000000}3715-root 534500x800000000000000028752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.490{ec2a2542-297f-6254-b0b3-912b35560000}3716/bin/tarroot 534500x800000000000000028753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.491{ec2a2542-297f-6254-408a-b38ae6550000}3713/usr/bin/dpkg-debroot 154100x800000000000000028754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.512{ec2a2542-297f-6254-405a-66a04d560000}3717/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/003-fontconfig_2.12.6-0ubuntu2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.520{ec2a2542-297f-6254-0000-000000000000}3718-root 534500x800000000000000028757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.524{ec2a2542-297f-6254-405a-66a04d560000}3717/usr/bin/dpkg-debroot 534500x800000000000000028756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.524{00000000-0000-0000-0000-000000000000}3719<unknown process>root 154100x800000000000000028758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.547{ec2a2542-297f-6254-7073-00a359550000}3720/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.548{ec2a2542-297f-6254-7073-00a359550000}3720/bin/rmroot 23542300x800000000000000028759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.548{ec2a2542-297f-6254-7073-00a359550000}3720root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000028761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.549{ec2a2542-297f-6254-d85f-63bb35560000}3721/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/004-libjpeg-turbo8_1.5.2-0ubuntu5.18.04.4_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.550{ec2a2542-297f-6254-401a-b872c7550000}3722/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/004-libjpeg-turbo8_1.5.2-0ubuntu5.18.04.4_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.550{ec2a2542-297f-6254-d85f-63bb35560000}3721/usr/bin/dpkg-splitroot 154100x800000000000000028765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.552{ec2a2542-297f-6254-b0d3-78ed8f550000}3725/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-401a-b872c7550000}3722/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.552{ec2a2542-297f-6254-0000-000000000000}3723-root 534500x800000000000000028766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.553{ec2a2542-297f-6254-0000-000000000000}3724-root 534500x800000000000000028767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.554{ec2a2542-297f-6254-b0d3-78ed8f550000}3725/bin/tarroot 534500x800000000000000028768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.555{ec2a2542-297f-6254-401a-b872c7550000}3722/usr/bin/dpkg-debroot 154100x800000000000000028769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.575{ec2a2542-297f-6254-40aa-754caa550000}3726/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/004-libjpeg-turbo8_1.5.2-0ubuntu5.18.04.4_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.582{ec2a2542-297f-6254-0000-000000000000}3727-root 534500x800000000000000028772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.590{ec2a2542-297f-6254-40aa-754caa550000}3726/usr/bin/dpkg-debroot 534500x800000000000000028771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.590{00000000-0000-0000-0000-000000000000}3728<unknown process>root 154100x800000000000000028773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.609{ec2a2542-297f-6254-70c3-49810f560000}3729/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.610{ec2a2542-297f-6254-70c3-49810f560000}3729/bin/rmroot 23542300x800000000000000028774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.610{ec2a2542-297f-6254-70c3-49810f560000}3729root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000028776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.611{ec2a2542-297f-6254-d87f-de1f06560000}3730/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/005-libogg0_1.3.2-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.612{ec2a2542-297f-6254-40aa-864cd5550000}3731/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/005-libogg0_1.3.2-1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.612{ec2a2542-297f-6254-d87f-de1f06560000}3730/usr/bin/dpkg-splitroot 154100x800000000000000028780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.614{ec2a2542-297f-6254-b073-1cc958550000}3734/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-40aa-864cd5550000}3731/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.614{ec2a2542-297f-6254-0000-000000000000}3732-root 534500x800000000000000028781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.615{ec2a2542-297f-6254-0000-000000000000}3733-root 534500x800000000000000028783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.617{ec2a2542-297f-6254-40aa-864cd5550000}3731/usr/bin/dpkg-debroot 534500x800000000000000028782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.617{ec2a2542-297f-6254-b073-1cc958550000}3734/bin/tarroot 154100x800000000000000028784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.640{ec2a2542-297f-6254-401a-490ff6550000}3735/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/005-libogg0_1.3.2-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.642{ec2a2542-297f-6254-0000-000000000000}3736-root 534500x800000000000000028787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.644{ec2a2542-297f-6254-401a-490ff6550000}3735/usr/bin/dpkg-debroot 534500x800000000000000028786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.644{ec2a2542-297f-6254-0000-000000000000}3737-root 154100x800000000000000028788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.662{ec2a2542-297f-6254-7063-8fffda550000}3738/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.663{ec2a2542-297f-6254-d85f-653898550000}3739/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/006-libiscsi7_1.17.0-1.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.663{ec2a2542-297f-6254-7063-8fffda550000}3738/bin/rmroot 23542300x800000000000000028789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.663{ec2a2542-297f-6254-7063-8fffda550000}3738root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000028793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.665{ec2a2542-297f-6254-40ba-1d877d550000}3740/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/006-libiscsi7_1.17.0-1.1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.665{ec2a2542-297f-6254-d85f-653898550000}3739/usr/bin/dpkg-splitroot 154100x800000000000000028795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.666{ec2a2542-297f-6254-b0b3-b6d112560000}3743/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-40ba-1d877d550000}3740/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.667{ec2a2542-297f-6254-0000-000000000000}3742-root 534500x800000000000000028794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.667{ec2a2542-297f-6254-0000-000000000000}3741-root 534500x800000000000000028798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.669{ec2a2542-297f-6254-40ba-1d877d550000}3740/usr/bin/dpkg-debroot 534500x800000000000000028797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.669{ec2a2542-297f-6254-b0b3-b6d112560000}3743/bin/tarroot 154100x800000000000000028799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.692{ec2a2542-297f-6254-409a-a9ff7f550000}3744/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/006-libiscsi7_1.17.0-1.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.694{ec2a2542-297f-6254-0000-000000000000}3745-root 534500x800000000000000028802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.701{ec2a2542-297f-6254-409a-a9ff7f550000}3744/usr/bin/dpkg-debroot 534500x800000000000000028801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.701{ec2a2542-297f-6254-0000-000000000000}3746-root 154100x800000000000000028803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.718{ec2a2542-297f-6254-7063-422d50560000}3747/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.720{ec2a2542-297f-6254-7063-422d50560000}3747/bin/rmroot 23542300x800000000000000028804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.720{ec2a2542-297f-6254-7063-422d50560000}3747root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000028806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.721{ec2a2542-297f-6254-d88f-999829560000}3748/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/007-libnl-3-200_3.2.29-0ubuntu3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.722{ec2a2542-297f-6254-407a-03bbb8550000}3749/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/007-libnl-3-200_3.2.29-0ubuntu3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.722{ec2a2542-297f-6254-d88f-999829560000}3748/usr/bin/dpkg-splitroot 154100x800000000000000028810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.724{ec2a2542-297f-6254-b073-113abb550000}3752/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-407a-03bbb8550000}3749/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.724{ec2a2542-297f-6254-0000-000000000000}3750-root 534500x800000000000000028811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.725{ec2a2542-297f-6254-0000-000000000000}3751-root 534500x800000000000000028812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.726{ec2a2542-297f-6254-b073-113abb550000}3752/bin/tarroot 534500x800000000000000028813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.727{ec2a2542-297f-6254-407a-03bbb8550000}3749/usr/bin/dpkg-debroot 154100x800000000000000028814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.748{ec2a2542-297f-6254-402a-dceb19560000}3753/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/007-libnl-3-200_3.2.29-0ubuntu3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.751{ec2a2542-297f-6254-0000-000000000000}3754-root 534500x800000000000000028817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.757{ec2a2542-297f-6254-402a-dceb19560000}3753/usr/bin/dpkg-debroot 534500x800000000000000028816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.757{00000000-0000-0000-0000-000000000000}3755<unknown process>root 154100x800000000000000028818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.774{ec2a2542-297f-6254-70a3-4be7b5550000}3756/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.775{ec2a2542-297f-6254-70a3-4be7b5550000}3756/bin/rmroot 23542300x800000000000000028819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.775{ec2a2542-297f-6254-70a3-4be7b5550000}3756root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000028821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.776{ec2a2542-297f-6254-d87f-e3a225560000}3757/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/008-libnl-route-3-200_3.2.29-0ubuntu3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.777{ec2a2542-297f-6254-403a-2c8666550000}3758/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/008-libnl-route-3-200_3.2.29-0ubuntu3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.777{ec2a2542-297f-6254-d87f-e3a225560000}3757/usr/bin/dpkg-splitroot 154100x800000000000000028825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.779{ec2a2542-297f-6254-b0e3-678064550000}3761/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-403a-2c8666550000}3758/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.779{ec2a2542-297f-6254-0000-000000000000}3759-root 534500x800000000000000028826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.780{ec2a2542-297f-6254-0000-000000000000}3760-root 534500x800000000000000028828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.782{ec2a2542-297f-6254-403a-2c8666550000}3758/usr/bin/dpkg-debroot 534500x800000000000000028827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.782{ec2a2542-297f-6254-b0e3-678064550000}3761/bin/tarroot 154100x800000000000000028829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.804{ec2a2542-297f-6254-405a-8bf3c8550000}3762/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/008-libnl-route-3-200_3.2.29-0ubuntu3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.814{ec2a2542-297f-6254-0000-000000000000}3763-root 534500x800000000000000028832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.822{ec2a2542-297f-6254-405a-8bf3c8550000}3762/usr/bin/dpkg-debroot 534500x800000000000000028831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.822{00000000-0000-0000-0000-000000000000}3764<unknown process>root 154100x800000000000000028833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.838{ec2a2542-297f-6254-7073-f9483a560000}3765/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.839{ec2a2542-297f-6254-d83f-b20e30560000}3766/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/009-libibverbs1_17.1-1ubuntu0.2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.839{ec2a2542-297f-6254-7073-f9483a560000}3765/bin/rmroot 23542300x800000000000000028834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.839{ec2a2542-297f-6254-7073-f9483a560000}3765root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000028838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.841{ec2a2542-297f-6254-40fa-aa9d5d550000}3767/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/009-libibverbs1_17.1-1ubuntu0.2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.841{ec2a2542-297f-6254-d83f-b20e30560000}3766/usr/bin/dpkg-splitroot 154100x800000000000000028840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.843{ec2a2542-297f-6254-b0d3-e28374550000}3770/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-40fa-aa9d5d550000}3767/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.843{ec2a2542-297f-6254-0000-000000000000}3768-root 534500x800000000000000028841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.844{ec2a2542-297f-6254-0000-000000000000}3769-root 534500x800000000000000028843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.846{ec2a2542-297f-6254-40fa-aa9d5d550000}3767/usr/bin/dpkg-debroot 534500x800000000000000028842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.846{ec2a2542-297f-6254-b0d3-e28374550000}3770/bin/tarroot 154100x800000000000000028844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.867{ec2a2542-297f-6254-403a-621011560000}3771/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/009-libibverbs1_17.1-1ubuntu0.2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.869{ec2a2542-297f-6254-0000-000000000000}3772-root 534500x800000000000000028847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.875{ec2a2542-297f-6254-403a-621011560000}3771/usr/bin/dpkg-debroot 534500x800000000000000028846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.875{00000000-0000-0000-0000-000000000000}3773<unknown process>root 154100x800000000000000028848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.896{ec2a2542-297f-6254-70e3-6b75ff550000}3774/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000028849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.898{ec2a2542-297f-6254-70e3-6b75ff550000}3774root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000028851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.899{ec2a2542-297f-6254-d8cf-94fea6550000}3775/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/010-libnspr4_2%3a4.18-1ubuntu1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.899{ec2a2542-297f-6254-70e3-6b75ff550000}3774/bin/rmroot 534500x800000000000000028852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.901{ec2a2542-297f-6254-d8cf-94fea6550000}3775/usr/bin/dpkg-splitroot 154100x800000000000000028853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.902{ec2a2542-297f-6254-408a-fb23a5550000}3776/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/010-libnspr4_2%3a4.18-1ubuntu1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.903{ec2a2542-297f-6254-b013-1a5a24560000}3779/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-408a-fb23a5550000}3776/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.904{ec2a2542-297f-6254-0000-000000000000}3777-root 534500x800000000000000028857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.905{ec2a2542-297f-6254-b013-1a5a24560000}3779/bin/tarroot 534500x800000000000000028856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.905{ec2a2542-297f-6254-0000-000000000000}3778-root 534500x800000000000000028858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.906{ec2a2542-297f-6254-408a-fb23a5550000}3776/usr/bin/dpkg-debroot 154100x800000000000000028859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.950{ec2a2542-297f-6254-40ca-109fb9550000}3780/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/010-libnspr4_2%3a4.18-1ubuntu1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.958{ec2a2542-297f-6254-0000-000000000000}3781-root 534500x800000000000000028861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.963{ec2a2542-297f-6254-0000-000000000000}3782-root 534500x800000000000000028862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.964{ec2a2542-297f-6254-40ca-109fb9550000}3780/usr/bin/dpkg-debroot 154100x800000000000000028863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.988{ec2a2542-297f-6254-70b3-14f133560000}3783/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000028864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.989{ec2a2542-297f-6254-70b3-14f133560000}3783root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000028866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.990{ec2a2542-297f-6254-d83f-a613ab550000}3784/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/011-libnss3_2%3a3.35-2ubuntu2.13_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.990{ec2a2542-297f-6254-70b3-14f133560000}3783/bin/rmroot 154100x800000000000000028868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.991{ec2a2542-297f-6254-401a-7e602d560000}3785/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/011-libnss3_2%3a3.35-2ubuntu2.13_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.991{ec2a2542-297f-6254-d83f-a613ab550000}3784/usr/bin/dpkg-splitroot 154100x800000000000000028870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.993{ec2a2542-297f-6254-b023-e87cf9550000}3788/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-401a-7e602d560000}3785/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.993{ec2a2542-297f-6254-0000-000000000000}3786-root 534500x800000000000000028872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.996{ec2a2542-297f-6254-b023-e87cf9550000}3788/bin/tarroot 534500x800000000000000028871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.996{ec2a2542-297f-6254-0000-000000000000}3787-root 534500x800000000000000028873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:35.997{ec2a2542-297f-6254-401a-7e602d560000}3785/usr/bin/dpkg-debroot 154100x800000000000000028874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.018{ec2a2542-2980-6254-409a-da3dfd550000}3789/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/011-libnss3_2%3a3.35-2ubuntu2.13_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.164{ec2a2542-2980-6254-0000-000000000000}3790-root 534500x800000000000000028877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.174{ec2a2542-2980-6254-409a-da3dfd550000}3789/usr/bin/dpkg-debroot 534500x800000000000000028876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.174{00000000-0000-0000-0000-000000000000}3791<unknown process>root 154100x800000000000000028878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.227{ec2a2542-2980-6254-7013-dd556c550000}3792/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.229{ec2a2542-2980-6254-d83f-42ccf2550000}3793/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/012-librados2_12.2.13-0ubuntu0.18.04.10_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.229{ec2a2542-2980-6254-7013-dd556c550000}3792/bin/rmroot 23542300x800000000000000028879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.229{ec2a2542-2980-6254-7013-dd556c550000}3792root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000028882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.230{ec2a2542-2980-6254-d83f-42ccf2550000}3793/usr/bin/dpkg-splitroot 154100x800000000000000028883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.231{ec2a2542-2980-6254-409a-92fa71550000}3794/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/012-librados2_12.2.13-0ubuntu0.18.04.10_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.237{ec2a2542-2980-6254-b003-422de5550000}3797/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2980-6254-409a-92fa71550000}3794/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.241{ec2a2542-2980-6254-0000-000000000000}3795-root 534500x800000000000000028886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.254{ec2a2542-2980-6254-b003-422de5550000}3797/bin/tarroot 534500x800000000000000028888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.255{ec2a2542-2980-6254-409a-92fa71550000}3794/usr/bin/dpkg-debroot 534500x800000000000000028887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.255{00000000-0000-0000-0000-000000000000}3796<unknown process>root 154100x800000000000000028889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.306{ec2a2542-2980-6254-406a-5d2bab550000}3798/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/012-librados2_12.2.13-0ubuntu0.18.04.10_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.615{ec2a2542-2980-6254-0000-000000000000}3799-root 534500x800000000000000028892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.623{ec2a2542-2980-6254-406a-5d2bab550000}3798/usr/bin/dpkg-debroot 534500x800000000000000028891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.623{ec2a2542-2980-6254-0000-000000000000}3800-root 154100x800000000000000028893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.641{ec2a2542-2980-6254-7003-cdfd1a560000}3801/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.643{ec2a2542-2980-6254-d82f-ae3b58550000}3802/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/013-librbd1_12.2.13-0ubuntu0.18.04.10_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.643{ec2a2542-2980-6254-7003-cdfd1a560000}3801/bin/rmroot 23542300x800000000000000028894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.643{ec2a2542-2980-6254-7003-cdfd1a560000}3801root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000028897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.644{ec2a2542-2980-6254-d82f-ae3b58550000}3802/usr/bin/dpkg-splitroot 154100x800000000000000028898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.645{ec2a2542-2980-6254-40ca-15299c550000}3803/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/013-librbd1_12.2.13-0ubuntu0.18.04.10_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.646{ec2a2542-2980-6254-b0f3-f14df8550000}3806/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2980-6254-40ca-15299c550000}3803/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.646{ec2a2542-2980-6254-0000-000000000000}3804-root 534500x800000000000000028901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.648{ec2a2542-2980-6254-0000-000000000000}3805-root 534500x800000000000000028903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.649{ec2a2542-2980-6254-40ca-15299c550000}3803/usr/bin/dpkg-debroot 534500x800000000000000028902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.649{ec2a2542-2980-6254-b0f3-f14df8550000}3806/bin/tarroot 154100x800000000000000028904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.672{ec2a2542-2980-6254-40da-0c8cf2550000}3807/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/013-librbd1_12.2.13-0ubuntu0.18.04.10_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.763{ec2a2542-2980-6254-0000-000000000000}3808-root 534500x800000000000000028907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.770{ec2a2542-2980-6254-40da-0c8cf2550000}3807/usr/bin/dpkg-debroot 534500x800000000000000028906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.770{ec2a2542-2980-6254-0000-000000000000}3809-root 154100x800000000000000028908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.813{ec2a2542-2980-6254-7063-ca6b47560000}3810/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.814{ec2a2542-2980-6254-d89f-eb8f8e550000}3811/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/014-qemu-block-extra_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.814{ec2a2542-2980-6254-7063-ca6b47560000}3810/bin/rmroot 23542300x800000000000000028909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.814{ec2a2542-2980-6254-7063-ca6b47560000}3810root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000028913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.816{ec2a2542-2980-6254-40ba-cca3a1550000}3812/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/014-qemu-block-extra_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.816{ec2a2542-2980-6254-d89f-eb8f8e550000}3811/usr/bin/dpkg-splitroot 154100x800000000000000028915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.818{ec2a2542-2980-6254-b073-ad8d97550000}3815/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2980-6254-40ba-cca3a1550000}3812/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.818{ec2a2542-2980-6254-0000-000000000000}3813-root 534500x800000000000000028916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.819{ec2a2542-2980-6254-0000-000000000000}3814-root 534500x800000000000000028918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.820{ec2a2542-2980-6254-40ba-cca3a1550000}3812/usr/bin/dpkg-debroot 534500x800000000000000028917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.820{ec2a2542-2980-6254-b073-ad8d97550000}3815/bin/tarroot 154100x800000000000000028919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.841{ec2a2542-2980-6254-40ca-d64978550000}3816/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/014-qemu-block-extra_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.843{ec2a2542-2980-6254-0000-000000000000}3817-root 534500x800000000000000028922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.850{ec2a2542-2980-6254-40ca-d64978550000}3816/usr/bin/dpkg-debroot 534500x800000000000000028921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.850{00000000-0000-0000-0000-000000000000}3818<unknown process>root 154100x800000000000000028923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.868{ec2a2542-2980-6254-7013-7218dc550000}3819/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.870{ec2a2542-2980-6254-d8cf-b44bc3550000}3820/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/015-qemu-system-common_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.870{ec2a2542-2980-6254-7013-7218dc550000}3819/bin/rmroot 23542300x800000000000000028924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.870{ec2a2542-2980-6254-7013-7218dc550000}3819root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000028928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.872{ec2a2542-2980-6254-400a-103e8e550000}3821/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/015-qemu-system-common_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.872{ec2a2542-2980-6254-d8cf-b44bc3550000}3820/usr/bin/dpkg-splitroot 154100x800000000000000028930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.874{ec2a2542-2980-6254-b093-00123e560000}3824/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2980-6254-400a-103e8e550000}3821/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.874{ec2a2542-2980-6254-0000-000000000000}3822-root 534500x800000000000000028931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.875{ec2a2542-2980-6254-0000-000000000000}3823-root 534500x800000000000000028933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.876{ec2a2542-2980-6254-400a-103e8e550000}3821/usr/bin/dpkg-debroot 534500x800000000000000028932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.876{ec2a2542-2980-6254-b093-00123e560000}3824/bin/tarroot 154100x800000000000000028934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.903{ec2a2542-2980-6254-6822-a402a1550000}3825/bin/dash-----/bin/sh /var/lib/dpkg/tmp.ci/preinst install/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.904{ec2a2542-2980-6254-681a-c747c2550000}3826/usr/bin/getent-----getent group kvm/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2980-6254-6822-a402a1550000}3825/bin/dash/bin/shroot 154100x800000000000000028937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.908{ec2a2542-2980-6254-98b7-202729560000}3827/usr/bin/perl-----/usr/bin/perl /usr/sbin/addgroup --quiet --system kvm/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2980-6254-6822-a402a1550000}3825/bin/dash/bin/shroot 534500x800000000000000028936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.908{ec2a2542-2980-6254-681a-c747c2550000}3826/usr/bin/getentroot 154100x800000000000000028938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.950{ec2a2542-2980-6254-503d-3bafba550000}3828/usr/sbin/groupadd-----/usr/sbin/groupadd -g 115 kvm/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2980-6254-98b7-202729560000}3827/usr/bin/perl/usr/bin/perlroot 23542300x800000000000000028940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.955{ec2a2542-2980-6254-503d-3bafba550000}3828root/usr/sbin/groupadd/etc/gshadow.3828--- 23542300x800000000000000028939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.955{ec2a2542-2980-6254-503d-3bafba550000}3828root/usr/sbin/groupadd/etc/group.3828--- 23542300x800000000000000028941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.960{ec2a2542-2980-6254-503d-3bafba550000}3828root/usr/sbin/groupadd/etc/group.lock--- 23542300x800000000000000028942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.965{ec2a2542-2980-6254-503d-3bafba550000}3828root/usr/sbin/groupadd/etc/gshadow.lock--- 534500x800000000000000028944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.966{00000000-0000-0000-0000-000000000000}3830<unknown process>root 534500x800000000000000028943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.966{00000000-0000-0000-0000-000000000000}3829<unknown process>root 534500x800000000000000028946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.967{ec2a2542-2980-6254-503d-3bafba550000}3828/usr/sbin/groupaddroot 534500x800000000000000028945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.967{00000000-0000-0000-0000-000000000000}3831<unknown process>root 154100x800000000000000028948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.969{ec2a2542-2980-6254-6892-13f533560000}3832/bin/dash-----/bin/sh /usr/bin/dpkg-maintscript-helper rm_conffile /etc/init/qemu-kvm.conf 1:2.8+dfsg-1ubuntu1~ -- install/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2980-6254-6822-a402a1550000}3825/bin/dash/bin/shroot 534500x800000000000000028947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.969{ec2a2542-2980-6254-98b7-202729560000}3827/usr/bin/perlroot 154100x800000000000000028949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.971{ec2a2542-2980-6254-e85b-870734560000}3833/usr/bin/basename-----basename /usr/bin/dpkg-maintscript-helper/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2980-6254-6892-13f533560000}3832/bin/dash/bin/shroot 154100x800000000000000028951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.972{ec2a2542-2980-6254-70b1-0c0a4b560000}3834/usr/bin/dpkg-----dpkg --validate-version -- 1:2.8+dfsg-1ubuntu1~/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2980-6254-6892-13f533560000}3832/bin/dash/bin/shroot 534500x800000000000000028950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.972{ec2a2542-2980-6254-e85b-870734560000}3833/usr/bin/basenameroot 154100x800000000000000028954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.974{ec2a2542-2980-6254-6812-e74ab7550000}3835/bin/dash-----/bin/sh /usr/bin/dpkg-maintscript-helper rm_conffile /etc/init.d/qemu-kvm 1:2.8+dfsg-1ubuntu1~ -- install/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2980-6254-6822-a402a1550000}3825/bin/dash/bin/shroot 534500x800000000000000028953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.974{ec2a2542-2980-6254-6892-13f533560000}3832/bin/dashroot 534500x800000000000000028952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.974{ec2a2542-2980-6254-70b1-0c0a4b560000}3834/usr/bin/dpkgroot 154100x800000000000000028955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.975{ec2a2542-2980-6254-e88b-b011ff550000}3836/usr/bin/basename-----basename /usr/bin/dpkg-maintscript-helper/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2980-6254-6812-e74ab7550000}3835/bin/dash/bin/shroot 154100x800000000000000028957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.976{ec2a2542-2980-6254-7041-bf918a550000}3837/usr/bin/dpkg-----dpkg --validate-version -- 1:2.8+dfsg-1ubuntu1~/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2980-6254-6812-e74ab7550000}3835/bin/dash/bin/shroot 534500x800000000000000028956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.976{ec2a2542-2980-6254-e88b-b011ff550000}3836/usr/bin/basenameroot 154100x800000000000000028961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.979{ec2a2542-2980-6254-406a-d66f8e550000}3838/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/015-qemu-system-common_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.979{ec2a2542-2980-6254-6822-a402a1550000}3825/bin/dashroot 534500x800000000000000028959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.979{ec2a2542-2980-6254-6812-e74ab7550000}3835/bin/dashroot 534500x800000000000000028958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:36.979{ec2a2542-2980-6254-7041-bf918a550000}3837/usr/bin/dpkgroot 534500x800000000000000028962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.029{ec2a2542-2980-6254-0000-000000000000}3839-root 534500x800000000000000028963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.042{ec2a2542-2980-6254-0000-000000000000}3840-root 534500x800000000000000028964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.043{ec2a2542-2980-6254-406a-d66f8e550000}3838/usr/bin/dpkg-debroot 154100x800000000000000028965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.064{ec2a2542-2981-6254-7043-1e835f550000}3841/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.065{ec2a2542-2981-6254-7043-1e835f550000}3841/bin/rmroot 23542300x800000000000000028966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.065{ec2a2542-2981-6254-7043-1e835f550000}3841root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000028968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.066{ec2a2542-2981-6254-d80f-1708e8550000}3842/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/016-binfmt-support_2.1.8-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.067{ec2a2542-2981-6254-40aa-d38aae550000}3843/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/016-binfmt-support_2.1.8-2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.067{ec2a2542-2981-6254-d80f-1708e8550000}3842/usr/bin/dpkg-splitroot 154100x800000000000000028972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.069{ec2a2542-2981-6254-b053-b39840560000}3846/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2981-6254-40aa-d38aae550000}3843/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.069{ec2a2542-2981-6254-0000-000000000000}3844-root 534500x800000000000000028973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.070{ec2a2542-2981-6254-0000-000000000000}3845-root 534500x800000000000000028975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.072{ec2a2542-2981-6254-40aa-d38aae550000}3843/usr/bin/dpkg-debroot 534500x800000000000000028974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.072{ec2a2542-2981-6254-b053-b39840560000}3846/bin/tarroot 154100x800000000000000028976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.096{ec2a2542-2981-6254-6822-fa00b9550000}3847/bin/dash-----/bin/sh /var/lib/dpkg/tmp.ci/preinst install/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000028977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.097{ec2a2542-2981-6254-6832-515de8550000}3848/bin/dash-----/bin/sh /usr/bin/dpkg-maintscript-helper rm_conffile /etc/init/binfmt-support.conf 2.1.8-1~ -- install/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2981-6254-6822-fa00b9550000}3847/bin/dash/bin/shroot 154100x800000000000000028978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.098{ec2a2542-2981-6254-e8ab-6efda4550000}3849/usr/bin/basename-----basename /usr/bin/dpkg-maintscript-helper/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2981-6254-6832-515de8550000}3848/bin/dash/bin/shroot 534500x800000000000000028979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.099{ec2a2542-2981-6254-e8ab-6efda4550000}3849/usr/bin/basenameroot 154100x800000000000000028980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.100{ec2a2542-2981-6254-7021-26e5b1550000}3850/usr/bin/dpkg-----dpkg --validate-version -- 2.1.8-1~/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2981-6254-6832-515de8550000}3848/bin/dash/bin/shroot 534500x800000000000000028983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.102{ec2a2542-2981-6254-6822-fa00b9550000}3847/bin/dashroot 534500x800000000000000028982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.102{ec2a2542-2981-6254-6832-515de8550000}3848/bin/dashroot 534500x800000000000000028981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.102{ec2a2542-2981-6254-7021-26e5b1550000}3850/usr/bin/dpkgroot 154100x800000000000000028984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.103{ec2a2542-2981-6254-40aa-6fbb36560000}3851/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/016-binfmt-support_2.1.8-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.105{ec2a2542-2981-6254-0000-000000000000}3852-root 534500x800000000000000028986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.119{00000000-0000-0000-0000-000000000000}3853<unknown process>root 534500x800000000000000028987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.120{ec2a2542-2981-6254-40aa-6fbb36560000}3851/usr/bin/dpkg-debroot 154100x800000000000000028988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.144{ec2a2542-2981-6254-7053-3d1fdf550000}3854/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.145{ec2a2542-2981-6254-7053-3d1fdf550000}3854/bin/rmroot 23542300x800000000000000028989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.145{ec2a2542-2981-6254-7053-3d1fdf550000}3854root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000028991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.146{ec2a2542-2981-6254-d8af-87d7c9550000}3855/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/017-msr-tools_1.3-2build1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.147{ec2a2542-2981-6254-d8af-87d7c9550000}3855/usr/bin/dpkg-splitroot 154100x800000000000000028993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.148{ec2a2542-2981-6254-40ea-a84eac550000}3856/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/017-msr-tools_1.3-2build1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000028996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.150{ec2a2542-2981-6254-0000-000000000000}3858-root 154100x800000000000000028995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.150{ec2a2542-2981-6254-b003-fdc6df550000}3859/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2981-6254-40ea-a84eac550000}3856/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000028994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.150{ec2a2542-2981-6254-0000-000000000000}3857-root 534500x800000000000000028998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.153{ec2a2542-2981-6254-40ea-a84eac550000}3856/usr/bin/dpkg-debroot 534500x800000000000000028997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.153{ec2a2542-2981-6254-b003-fdc6df550000}3859/bin/tarroot 154100x800000000000000028999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.168{ec2a2542-2981-6254-40ca-670a7a550000}3860/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/017-msr-tools_1.3-2build1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.170{ec2a2542-2981-6254-0000-000000000000}3861-root 534500x800000000000000029002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.172{ec2a2542-2981-6254-40ca-670a7a550000}3860/usr/bin/dpkg-debroot 534500x800000000000000029001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.172{ec2a2542-2981-6254-0000-000000000000}3862-root 154100x800000000000000029003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.251{ec2a2542-2981-6254-7003-f7f668550000}3863/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.252{ec2a2542-2981-6254-7003-f7f668550000}3863/bin/rmroot 23542300x800000000000000029004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.252{ec2a2542-2981-6254-7003-f7f668550000}3863root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.253{ec2a2542-2981-6254-d8ef-096807560000}3864/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/018-cpu-checker_0.7-0ubuntu7_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.254{ec2a2542-2981-6254-403a-909a5d550000}3865/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/018-cpu-checker_0.7-0ubuntu7_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.254{ec2a2542-2981-6254-d8ef-096807560000}3864/usr/bin/dpkg-splitroot 154100x800000000000000029011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.257{ec2a2542-2981-6254-b0b3-68404c560000}3868/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2981-6254-403a-909a5d550000}3865/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.257{ec2a2542-2981-6254-0000-000000000000}3867-root 534500x800000000000000029009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.257{ec2a2542-2981-6254-0000-000000000000}3866-root 534500x800000000000000029013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.259{ec2a2542-2981-6254-403a-909a5d550000}3865/usr/bin/dpkg-debroot 534500x800000000000000029012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.259{ec2a2542-2981-6254-b0b3-68404c560000}3868/bin/tarroot 154100x800000000000000029014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.274{ec2a2542-2981-6254-401a-d5afa6550000}3869/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/018-cpu-checker_0.7-0ubuntu7_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.276{ec2a2542-2981-6254-0000-000000000000}3870-root 534500x800000000000000029017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.277{ec2a2542-2981-6254-401a-d5afa6550000}3869/usr/bin/dpkg-debroot 534500x800000000000000029016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.277{ec2a2542-2981-6254-0000-000000000000}3871-root 154100x800000000000000029018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.295{ec2a2542-2981-6254-70f3-2424c5550000}3872/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.296{ec2a2542-2981-6254-70f3-2424c5550000}3872/bin/rmroot 23542300x800000000000000029019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.296{ec2a2542-2981-6254-70f3-2424c5550000}3872root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.297{ec2a2542-2981-6254-d8bf-4c9c0d560000}3873/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/019-libdconf1_0.26.0-2ubuntu3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.298{ec2a2542-2981-6254-40ca-844635560000}3874/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/019-libdconf1_0.26.0-2ubuntu3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.298{ec2a2542-2981-6254-d8bf-4c9c0d560000}3873/usr/bin/dpkg-splitroot 154100x800000000000000029025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.300{ec2a2542-2981-6254-b0a3-db9da2550000}3877/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2981-6254-40ca-844635560000}3874/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.300{ec2a2542-2981-6254-0000-000000000000}3875-root 534500x800000000000000029026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.301{ec2a2542-2981-6254-0000-000000000000}3876-root 534500x800000000000000029027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.302{ec2a2542-2981-6254-b0a3-db9da2550000}3877/bin/tarroot 534500x800000000000000029028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.303{ec2a2542-2981-6254-40ca-844635560000}3874/usr/bin/dpkg-debroot 154100x800000000000000029029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.326{ec2a2542-2981-6254-40ba-c208d1550000}3878/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/019-libdconf1_0.26.0-2ubuntu3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.328{ec2a2542-2981-6254-0000-000000000000}3879-root 534500x800000000000000029032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.332{ec2a2542-2981-6254-40ba-c208d1550000}3878/usr/bin/dpkg-debroot 534500x800000000000000029031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.332{ec2a2542-2981-6254-0000-000000000000}3880-root 154100x800000000000000029033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.351{ec2a2542-2981-6254-70a3-0abc03560000}3881/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.352{ec2a2542-2981-6254-d81f-9b23dc550000}3882/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/020-dconf-service_0.26.0-2ubuntu3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.352{ec2a2542-2981-6254-70a3-0abc03560000}3881/bin/rmroot 23542300x800000000000000029034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.352{ec2a2542-2981-6254-70a3-0abc03560000}3881root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.354{ec2a2542-2981-6254-401a-14ee12560000}3883/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/020-dconf-service_0.26.0-2ubuntu3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.354{ec2a2542-2981-6254-d81f-9b23dc550000}3882/usr/bin/dpkg-splitroot 534500x800000000000000029039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.356{ec2a2542-2981-6254-0000-000000000000}3884-root 154100x800000000000000029041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.357{ec2a2542-2981-6254-b043-926033560000}3886/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2981-6254-401a-14ee12560000}3883/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.357{ec2a2542-2981-6254-0000-000000000000}3885-root 534500x800000000000000029043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.359{ec2a2542-2981-6254-401a-14ee12560000}3883/usr/bin/dpkg-debroot 534500x800000000000000029042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.359{ec2a2542-2981-6254-b043-926033560000}3886/bin/tarroot 154100x800000000000000029044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.375{ec2a2542-2981-6254-406a-20cd09560000}3887/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/020-dconf-service_0.26.0-2ubuntu3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.378{ec2a2542-2981-6254-0000-000000000000}3888-root 534500x800000000000000029047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.383{ec2a2542-2981-6254-406a-20cd09560000}3887/usr/bin/dpkg-debroot 534500x800000000000000029046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.383{00000000-0000-0000-0000-000000000000}3889<unknown process>root 154100x800000000000000029048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.400{ec2a2542-2981-6254-70e3-947df3550000}3890/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000029049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.401{ec2a2542-2981-6254-70e3-947df3550000}3890root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000029050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.402{ec2a2542-2981-6254-70e3-947df3550000}3890/bin/rmroot 154100x800000000000000029051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.403{ec2a2542-2981-6254-d89f-80ba3f560000}3891/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/021-dconf-gsettings-backend_0.26.0-2ubuntu3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.406{ec2a2542-2981-6254-404a-1b206c550000}3892/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/021-dconf-gsettings-backend_0.26.0-2ubuntu3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.406{ec2a2542-2981-6254-d89f-80ba3f560000}3891/usr/bin/dpkg-splitroot 154100x800000000000000029055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.409{ec2a2542-2981-6254-b043-960124560000}3895/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2981-6254-404a-1b206c550000}3892/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.409{ec2a2542-2981-6254-0000-000000000000}3893-root 534500x800000000000000029056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.410{ec2a2542-2981-6254-0000-000000000000}3894-root 534500x800000000000000029057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.413{ec2a2542-2981-6254-b043-960124560000}3895/bin/tarroot 534500x800000000000000029058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.414{ec2a2542-2981-6254-404a-1b206c550000}3892/usr/bin/dpkg-debroot 154100x800000000000000029059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.431{ec2a2542-2981-6254-409a-9ac7a5550000}3896/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/021-dconf-gsettings-backend_0.26.0-2ubuntu3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.433{ec2a2542-2981-6254-0000-000000000000}3897-root 534500x800000000000000029061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.442{00000000-0000-0000-0000-000000000000}3898<unknown process>root 534500x800000000000000029062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.443{ec2a2542-2981-6254-409a-9ac7a5550000}3896/usr/bin/dpkg-debroot 154100x800000000000000029063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.464{ec2a2542-2981-6254-70f3-a70f33560000}3899/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.465{ec2a2542-2981-6254-70f3-a70f33560000}3899/bin/rmroot 23542300x800000000000000029064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.465{ec2a2542-2981-6254-70f3-a70f33560000}3899root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.466{ec2a2542-2981-6254-d8df-051de8550000}3900/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/022-libproxy1v5_0.4.15-1ubuntu0.2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.467{ec2a2542-2981-6254-409a-38eb17560000}3901/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/022-libproxy1v5_0.4.15-1ubuntu0.2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.467{ec2a2542-2981-6254-d8df-051de8550000}3900/usr/bin/dpkg-splitroot 154100x800000000000000029070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.469{ec2a2542-2981-6254-b0b3-7799f5550000}3904/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2981-6254-409a-38eb17560000}3901/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.469{ec2a2542-2981-6254-0000-000000000000}3902-root 534500x800000000000000029071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.470{ec2a2542-2981-6254-0000-000000000000}3903-root 534500x800000000000000029072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.471{ec2a2542-2981-6254-b0b3-7799f5550000}3904/bin/tarroot 534500x800000000000000029073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.472{ec2a2542-2981-6254-409a-38eb17560000}3901/usr/bin/dpkg-debroot 154100x800000000000000029074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.491{ec2a2542-2981-6254-402a-661267550000}3905/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/022-libproxy1v5_0.4.15-1ubuntu0.2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.493{ec2a2542-2981-6254-0000-000000000000}3906-root 534500x800000000000000029077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.498{ec2a2542-2981-6254-402a-661267550000}3905/usr/bin/dpkg-debroot 534500x800000000000000029076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.498{ec2a2542-2981-6254-0000-000000000000}3907-root 154100x800000000000000029078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.515{ec2a2542-2981-6254-7003-77bdc2550000}3908/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.516{ec2a2542-2981-6254-d82f-df716f550000}3909/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/023-glib-networking-common_2.56.0-1ubuntu0.1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.516{ec2a2542-2981-6254-7003-77bdc2550000}3908/bin/rmroot 23542300x800000000000000029079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.516{ec2a2542-2981-6254-7003-77bdc2550000}3908root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.518{ec2a2542-2981-6254-402a-1c5599550000}3910/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/023-glib-networking-common_2.56.0-1ubuntu0.1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.518{ec2a2542-2981-6254-d82f-df716f550000}3909/usr/bin/dpkg-splitroot 154100x800000000000000029085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.520{ec2a2542-2981-6254-b043-29d78b550000}3913/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2981-6254-402a-1c5599550000}3910/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.520{ec2a2542-2981-6254-0000-000000000000}3911-root 534500x800000000000000029086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.521{ec2a2542-2981-6254-0000-000000000000}3912-root 534500x800000000000000029088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.526{ec2a2542-2981-6254-402a-1c5599550000}3910/usr/bin/dpkg-debroot 534500x800000000000000029087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.526{ec2a2542-2981-6254-b043-29d78b550000}3913/bin/tarroot 154100x800000000000000029089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.543{ec2a2542-2981-6254-407a-0dbde1550000}3914/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/023-glib-networking-common_2.56.0-1ubuntu0.1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.545{ec2a2542-2981-6254-0000-000000000000}3915-root 534500x800000000000000029092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.547{ec2a2542-2981-6254-407a-0dbde1550000}3914/usr/bin/dpkg-debroot 534500x800000000000000029091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.547{ec2a2542-2981-6254-0000-000000000000}3916-root 154100x800000000000000029093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.564{ec2a2542-2981-6254-7053-080df3550000}3917/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.566{ec2a2542-2981-6254-d82f-f01e63550000}3918/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/024-glib-networking-services_2.56.0-1ubuntu0.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.566{ec2a2542-2981-6254-7053-080df3550000}3917/bin/rmroot 23542300x800000000000000029094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.566{ec2a2542-2981-6254-7053-080df3550000}3917root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000029097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.567{ec2a2542-2981-6254-d82f-f01e63550000}3918/usr/bin/dpkg-splitroot 154100x800000000000000029098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.568{ec2a2542-2981-6254-40fa-2eac4c560000}3919/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/024-glib-networking-services_2.56.0-1ubuntu0.1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.569{ec2a2542-2981-6254-b033-73c56a550000}3922/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2981-6254-40fa-2eac4c560000}3919/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.569{ec2a2542-2981-6254-0000-000000000000}3920-root 534500x800000000000000029101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.570{ec2a2542-2981-6254-0000-000000000000}3921-root 534500x800000000000000029103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.572{ec2a2542-2981-6254-40fa-2eac4c560000}3919/usr/bin/dpkg-debroot 534500x800000000000000029102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.572{ec2a2542-2981-6254-b033-73c56a550000}3922/bin/tarroot 154100x800000000000000029104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.589{ec2a2542-2981-6254-40da-7ee8b8550000}3923/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/024-glib-networking-services_2.56.0-1ubuntu0.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.591{ec2a2542-2981-6254-0000-000000000000}3924-root 534500x800000000000000029106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.593{00000000-0000-0000-0000-000000000000}3925<unknown process>root 534500x800000000000000029107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.594{ec2a2542-2981-6254-40da-7ee8b8550000}3923/usr/bin/dpkg-debroot 154100x800000000000000029108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.611{ec2a2542-2981-6254-70d3-47cec1550000}3926/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.612{ec2a2542-2981-6254-d8ff-4617dd550000}3927/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/025-gsettings-desktop-schemas_3.28.0-1ubuntu1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.612{ec2a2542-2981-6254-70d3-47cec1550000}3926/bin/rmroot 23542300x800000000000000029109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.612{ec2a2542-2981-6254-70d3-47cec1550000}3926root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.614{ec2a2542-2981-6254-407a-463540560000}3928/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/025-gsettings-desktop-schemas_3.28.0-1ubuntu1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.614{ec2a2542-2981-6254-d8ff-4617dd550000}3927/usr/bin/dpkg-splitroot 154100x800000000000000029115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.616{ec2a2542-2981-6254-b043-2692de550000}3931/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2981-6254-407a-463540560000}3928/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.616{ec2a2542-2981-6254-0000-000000000000}3929-root 534500x800000000000000029116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.617{ec2a2542-2981-6254-0000-000000000000}3930-root 534500x800000000000000029118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.618{ec2a2542-2981-6254-407a-463540560000}3928/usr/bin/dpkg-debroot 534500x800000000000000029117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.618{ec2a2542-2981-6254-b043-2692de550000}3931/bin/tarroot 154100x800000000000000029119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.635{ec2a2542-2981-6254-40ba-df2169550000}3932/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/025-gsettings-desktop-schemas_3.28.0-1ubuntu1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.637{ec2a2542-2981-6254-0000-000000000000}3933-root 534500x800000000000000029121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.653{00000000-0000-0000-0000-000000000000}3934<unknown process>root 534500x800000000000000029122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.654{ec2a2542-2981-6254-40ba-df2169550000}3932/usr/bin/dpkg-debroot 154100x800000000000000029123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.673{ec2a2542-2981-6254-7083-a87bde550000}3935/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.674{ec2a2542-2981-6254-7083-a87bde550000}3935/bin/rmroot 23542300x800000000000000029124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.674{ec2a2542-2981-6254-7083-a87bde550000}3935root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.675{ec2a2542-2981-6254-d8cf-b60593550000}3936/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/026-glib-networking_2.56.0-1ubuntu0.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.676{ec2a2542-2981-6254-403a-ad9b60550000}3937/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/026-glib-networking_2.56.0-1ubuntu0.1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.676{ec2a2542-2981-6254-d8cf-b60593550000}3936/usr/bin/dpkg-splitroot 154100x800000000000000029130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.678{ec2a2542-2981-6254-b053-77f90b560000}3940/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2981-6254-403a-ad9b60550000}3937/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.678{ec2a2542-2981-6254-0000-000000000000}3938-root 534500x800000000000000029131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.679{ec2a2542-2981-6254-0000-000000000000}3939-root 534500x800000000000000029132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.680{ec2a2542-2981-6254-b053-77f90b560000}3940/bin/tarroot 534500x800000000000000029133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.681{ec2a2542-2981-6254-403a-ad9b60550000}3937/usr/bin/dpkg-debroot 154100x800000000000000029134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.695{ec2a2542-2981-6254-402a-4033a9550000}3941/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/026-glib-networking_2.56.0-1ubuntu0.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.698{ec2a2542-2981-6254-0000-000000000000}3942-root 534500x800000000000000029136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.704{ec2a2542-2981-6254-0000-000000000000}3943-root 534500x800000000000000029137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.705{ec2a2542-2981-6254-402a-4033a9550000}3941/usr/bin/dpkg-debroot 154100x800000000000000029138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.721{ec2a2542-2981-6254-70e3-194a1f560000}3944/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000029139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.722{ec2a2542-2981-6254-70e3-194a1f560000}3944root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.723{ec2a2542-2981-6254-d88f-ab0fd8550000}3945/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/027-libcdparanoia0_3.10.2+debian-13_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.723{ec2a2542-2981-6254-70e3-194a1f560000}3944/bin/rmroot 534500x800000000000000029142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.724{ec2a2542-2981-6254-d88f-ab0fd8550000}3945/usr/bin/dpkg-splitroot 154100x800000000000000029143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.725{ec2a2542-2981-6254-403a-331332560000}3946/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/027-libcdparanoia0_3.10.2+debian-13_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.726{ec2a2542-2981-6254-b0e3-da27a3550000}3949/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2981-6254-403a-331332560000}3946/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.726{ec2a2542-2981-6254-0000-000000000000}3947-root 534500x800000000000000029146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.728{ec2a2542-2981-6254-0000-000000000000}3948-root 534500x800000000000000029148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.729{ec2a2542-2981-6254-403a-331332560000}3946/usr/bin/dpkg-debroot 534500x800000000000000029147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.729{ec2a2542-2981-6254-b0e3-da27a3550000}3949/bin/tarroot 154100x800000000000000029149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.749{ec2a2542-2981-6254-40fa-cf9a53560000}3950/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/027-libcdparanoia0_3.10.2+debian-13_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.751{ec2a2542-2981-6254-0000-000000000000}3951-root 534500x800000000000000029151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.756{ec2a2542-2981-6254-0000-000000000000}3952-root 534500x800000000000000029152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.757{ec2a2542-2981-6254-40fa-cf9a53560000}3950/usr/bin/dpkg-debroot 154100x800000000000000029153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.774{ec2a2542-2981-6254-7023-270957550000}3953/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.776{ec2a2542-2981-6254-d84f-036efa550000}3954/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/028-libgstreamer1.0-0_1.14.5-0ubuntu1~18.04.2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.776{ec2a2542-2981-6254-7023-270957550000}3953/bin/rmroot 23542300x800000000000000029154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.776{ec2a2542-2981-6254-7023-270957550000}3953root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000029157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.777{ec2a2542-2981-6254-d84f-036efa550000}3954/usr/bin/dpkg-splitroot 154100x800000000000000029158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.778{ec2a2542-2981-6254-401a-494a24560000}3955/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/028-libgstreamer1.0-0_1.14.5-0ubuntu1~18.04.2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.780{ec2a2542-2981-6254-b013-569423560000}3958/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2981-6254-401a-494a24560000}3955/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.780{ec2a2542-2981-6254-0000-000000000000}3956-root 534500x800000000000000029163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.786{ec2a2542-2981-6254-401a-494a24560000}3955/usr/bin/dpkg-debroot 534500x800000000000000029162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.786{ec2a2542-2981-6254-b013-569423560000}3958/bin/tarroot 534500x800000000000000029161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.786{ec2a2542-2981-6254-0000-000000000000}3957-root 154100x800000000000000029164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.812{ec2a2542-2981-6254-405a-8785b9550000}3959/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/028-libgstreamer1.0-0_1.14.5-0ubuntu1~18.04.2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.817{ec2a2542-2981-6254-6884-400281550000}3962/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}938--- 354300x800000000000000029166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.826{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54746-false10.0.1.12-8000- 534500x800000000000000029167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.828{ec2a2542-2981-6254-6884-400281550000}3962/bin/psroot 534500x800000000000000029168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.890{ec2a2542-2981-6254-0000-000000000000}3960-root 534500x800000000000000029170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.899{ec2a2542-2981-6254-405a-8785b9550000}3959/usr/bin/dpkg-debroot 534500x800000000000000029169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.899{ec2a2542-2981-6254-0000-000000000000}3961-root 154100x800000000000000029171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.934{ec2a2542-2981-6254-7073-357e1e560000}3963/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.936{ec2a2542-2981-6254-7073-357e1e560000}3963/bin/rmroot 23542300x800000000000000029172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.936{ec2a2542-2981-6254-7073-357e1e560000}3963root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.937{ec2a2542-2981-6254-d86f-8cd72e560000}3964/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/029-liborc-0.4-0_1%3a0.4.28-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.938{ec2a2542-2981-6254-d86f-8cd72e560000}3964/usr/bin/dpkg-splitroot 154100x800000000000000029176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.939{ec2a2542-2981-6254-409a-d2f769550000}3965/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/029-liborc-0.4-0_1%3a0.4.28-1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.940{ec2a2542-2981-6254-b0d3-42d764550000}3968/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2981-6254-409a-d2f769550000}3965/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.940{ec2a2542-2981-6254-0000-000000000000}3966-root 534500x800000000000000029179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.941{ec2a2542-2981-6254-0000-000000000000}3967-root 534500x800000000000000029181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.943{ec2a2542-2981-6254-409a-d2f769550000}3965/usr/bin/dpkg-debroot 534500x800000000000000029180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.943{ec2a2542-2981-6254-b0d3-42d764550000}3968/bin/tarroot 154100x800000000000000029182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.962{ec2a2542-2981-6254-40ba-1db11c560000}3969/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/029-liborc-0.4-0_1%3a0.4.28-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.972{ec2a2542-2981-6254-0000-000000000000}3970-root 534500x800000000000000029185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.979{ec2a2542-2981-6254-40ba-1db11c560000}3969/usr/bin/dpkg-debroot 534500x800000000000000029184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:37.979{00000000-0000-0000-0000-000000000000}3971<unknown process>root 154100x800000000000000029186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.018{ec2a2542-2982-6254-7093-c08d80550000}3972/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.020{ec2a2542-2982-6254-d8cf-ccd646560000}3973/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/030-libgstreamer-plugins-base1.0-0_1.14.5-0ubuntu1~18.04.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.020{ec2a2542-2982-6254-7093-c08d80550000}3972/bin/rmroot 23542300x800000000000000029187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.020{ec2a2542-2982-6254-7093-c08d80550000}3972root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000029190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.021{ec2a2542-2982-6254-d8cf-ccd646560000}3973/usr/bin/dpkg-splitroot 154100x800000000000000029191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.022{ec2a2542-2982-6254-402a-ee3dae550000}3974/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/030-libgstreamer-plugins-base1.0-0_1.14.5-0ubuntu1~18.04.3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.023{ec2a2542-2982-6254-b0a3-04844c560000}3977/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2982-6254-402a-ee3dae550000}3974/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.023{ec2a2542-2982-6254-0000-000000000000}3975-root 534500x800000000000000029196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.026{ec2a2542-2982-6254-402a-ee3dae550000}3974/usr/bin/dpkg-debroot 534500x800000000000000029195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.026{ec2a2542-2982-6254-b0a3-04844c560000}3977/bin/tarroot 534500x800000000000000029194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.026{ec2a2542-2982-6254-0000-000000000000}3976-root 154100x800000000000000029197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.049{ec2a2542-2982-6254-404a-90a077550000}3978/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/030-libgstreamer-plugins-base1.0-0_1.14.5-0ubuntu1~18.04.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.131{ec2a2542-2982-6254-0000-000000000000}3979-root 534500x800000000000000029199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.146{ec2a2542-2982-6254-0000-000000000000}3980-root 534500x800000000000000029200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.148{ec2a2542-2982-6254-404a-90a077550000}3978/usr/bin/dpkg-debroot 154100x800000000000000029201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.168{ec2a2542-2982-6254-7083-8d3216560000}3981/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.169{ec2a2542-2982-6254-7083-8d3216560000}3981/bin/rmroot 23542300x800000000000000029202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.169{ec2a2542-2982-6254-7083-8d3216560000}3981root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.170{ec2a2542-2982-6254-d82f-a00290550000}3982/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/031-libopus0_1.1.2-1ubuntu1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.171{ec2a2542-2982-6254-40aa-82b9d0550000}3983/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/031-libopus0_1.1.2-1ubuntu1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.171{ec2a2542-2982-6254-d82f-a00290550000}3982/usr/bin/dpkg-splitroot 534500x800000000000000029209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.174{ec2a2542-2982-6254-0000-000000000000}3985-root 154100x800000000000000029208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.174{ec2a2542-2982-6254-b093-7ab6a6550000}3986/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2982-6254-40aa-82b9d0550000}3983/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.174{ec2a2542-2982-6254-0000-000000000000}3984-root 534500x800000000000000029211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.176{ec2a2542-2982-6254-40aa-82b9d0550000}3983/usr/bin/dpkg-debroot 534500x800000000000000029210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.176{ec2a2542-2982-6254-b093-7ab6a6550000}3986/bin/tarroot 154100x800000000000000029212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.200{ec2a2542-2982-6254-40ea-fb1845560000}3987/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/031-libopus0_1.1.2-1ubuntu1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.211{ec2a2542-2982-6254-0000-000000000000}3988-root 534500x800000000000000029215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.218{ec2a2542-2982-6254-40ea-fb1845560000}3987/usr/bin/dpkg-debroot 534500x800000000000000029214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.218{00000000-0000-0000-0000-000000000000}3989<unknown process>root 154100x800000000000000029216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.235{ec2a2542-2982-6254-7093-6099a0550000}3990/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.237{ec2a2542-2982-6254-d8bf-07aaed550000}3991/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/032-libpixman-1-0_0.34.0-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.237{ec2a2542-2982-6254-7093-6099a0550000}3990/bin/rmroot 23542300x800000000000000029217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.237{ec2a2542-2982-6254-7093-6099a0550000}3990root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000029220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.238{ec2a2542-2982-6254-d8bf-07aaed550000}3991/usr/bin/dpkg-splitroot 154100x800000000000000029221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.239{ec2a2542-2982-6254-408a-969721560000}3992/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/032-libpixman-1-0_0.34.0-2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.240{ec2a2542-2982-6254-b0a3-3cc5b8550000}3995/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2982-6254-408a-969721560000}3992/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.240{ec2a2542-2982-6254-0000-000000000000}3993-root 534500x800000000000000029224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.242{ec2a2542-2982-6254-0000-000000000000}3994-root 534500x800000000000000029226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.243{ec2a2542-2982-6254-408a-969721560000}3992/usr/bin/dpkg-debroot 534500x800000000000000029225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.243{ec2a2542-2982-6254-b0a3-3cc5b8550000}3995/bin/tarroot 154100x800000000000000029227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.269{ec2a2542-2982-6254-408a-f620d0550000}3996/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/032-libpixman-1-0_0.34.0-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.286{ec2a2542-2982-6254-0000-000000000000}3997-root 534500x800000000000000029230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.296{ec2a2542-2982-6254-408a-f620d0550000}3996/usr/bin/dpkg-debroot 534500x800000000000000029229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.296{00000000-0000-0000-0000-000000000000}3998<unknown process>root 154100x800000000000000029231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.344{ec2a2542-2982-6254-7073-d69f87550000}3999/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.345{ec2a2542-2982-6254-7073-d69f87550000}3999/bin/rmroot 23542300x800000000000000029232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.345{ec2a2542-2982-6254-7073-d69f87550000}3999root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.346{ec2a2542-2982-6254-d88f-03411f560000}4000/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/033-libxcb-render0_1.13-2~ubuntu18.04_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.347{ec2a2542-2982-6254-40fa-fe9d61550000}4001/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/033-libxcb-render0_1.13-2~ubuntu18.04_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.347{ec2a2542-2982-6254-d88f-03411f560000}4000/usr/bin/dpkg-splitroot 154100x800000000000000029238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.349{ec2a2542-2982-6254-b0e3-1952ea550000}4004/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2982-6254-40fa-fe9d61550000}4001/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.349{ec2a2542-2982-6254-0000-000000000000}4002-root 534500x800000000000000029239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.350{ec2a2542-2982-6254-0000-000000000000}4003-root 534500x800000000000000029240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.351{ec2a2542-2982-6254-b0e3-1952ea550000}4004/bin/tarroot 534500x800000000000000029241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.352{ec2a2542-2982-6254-40fa-fe9d61550000}4001/usr/bin/dpkg-debroot 154100x800000000000000029242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.378{ec2a2542-2982-6254-404a-139375550000}4005/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/033-libxcb-render0_1.13-2~ubuntu18.04_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.380{ec2a2542-2982-6254-0000-000000000000}4006-root 534500x800000000000000029244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.382{ec2a2542-2982-6254-0000-000000000000}4007-root 534500x800000000000000029245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.383{ec2a2542-2982-6254-404a-139375550000}4005/usr/bin/dpkg-debroot 154100x800000000000000029246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.402{ec2a2542-2982-6254-70f3-8cf5ec550000}4008/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.404{ec2a2542-2982-6254-d8bf-3e2861550000}4009/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/034-libxcb-shm0_1.13-2~ubuntu18.04_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.404{ec2a2542-2982-6254-70f3-8cf5ec550000}4008/bin/rmroot 23542300x800000000000000029247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.404{ec2a2542-2982-6254-70f3-8cf5ec550000}4008root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.405{ec2a2542-2982-6254-40da-aa8cce550000}4010/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/034-libxcb-shm0_1.13-2~ubuntu18.04_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.405{ec2a2542-2982-6254-d8bf-3e2861550000}4009/usr/bin/dpkg-splitroot 154100x800000000000000029253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.409{ec2a2542-2982-6254-b063-ac1e3a560000}4013/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2982-6254-40da-aa8cce550000}4010/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.409{ec2a2542-2982-6254-0000-000000000000}4011-root 534500x800000000000000029254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.410{ec2a2542-2982-6254-0000-000000000000}4012-root 534500x800000000000000029256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.411{ec2a2542-2982-6254-40da-aa8cce550000}4010/usr/bin/dpkg-debroot 534500x800000000000000029255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.411{ec2a2542-2982-6254-b063-ac1e3a560000}4013/bin/tarroot 154100x800000000000000029257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.437{ec2a2542-2982-6254-402a-21f1e4550000}4014/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/034-libxcb-shm0_1.13-2~ubuntu18.04_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.440{ec2a2542-2982-6254-0000-000000000000}4015-root 534500x800000000000000029260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.441{ec2a2542-2982-6254-402a-21f1e4550000}4014/usr/bin/dpkg-debroot 534500x800000000000000029259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.441{00000000-0000-0000-0000-000000000000}4016<unknown process>root 154100x800000000000000029261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.483{ec2a2542-2982-6254-7043-f8a6a1550000}4017/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.484{ec2a2542-2982-6254-d86f-fd88de550000}4018/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/035-libxrender1_1%3a0.9.10-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.484{ec2a2542-2982-6254-7043-f8a6a1550000}4017/bin/rmroot 23542300x800000000000000029262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.484{ec2a2542-2982-6254-7043-f8a6a1550000}4017root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.486{ec2a2542-2982-6254-404a-8a3377550000}4019/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/035-libxrender1_1%3a0.9.10-1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.486{ec2a2542-2982-6254-d86f-fd88de550000}4018/usr/bin/dpkg-splitroot 154100x800000000000000029269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.488{ec2a2542-2982-6254-b0f3-dddb19560000}4022/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2982-6254-404a-8a3377550000}4019/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.488{ec2a2542-2982-6254-0000-000000000000}4020-root 534500x800000000000000029268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.489{ec2a2542-2982-6254-0000-000000000000}4021-root 534500x800000000000000029271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.492{ec2a2542-2982-6254-404a-8a3377550000}4019/usr/bin/dpkg-debroot 534500x800000000000000029270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.492{ec2a2542-2982-6254-b0f3-dddb19560000}4022/bin/tarroot 154100x800000000000000029272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.514{ec2a2542-2982-6254-40da-f180cb550000}4023/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/035-libxrender1_1%3a0.9.10-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.516{00000000-0000-0000-0000-000000000000}4024<unknown process>root 534500x800000000000000029274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.519{00000000-0000-0000-0000-000000000000}4025<unknown process>root 534500x800000000000000029275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.520{ec2a2542-2982-6254-40da-f180cb550000}4023/usr/bin/dpkg-debroot 154100x800000000000000029276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.539{ec2a2542-2982-6254-7043-b43c99550000}4026/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.540{ec2a2542-2982-6254-7043-b43c99550000}4026/bin/rmroot 23542300x800000000000000029277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.540{ec2a2542-2982-6254-7043-b43c99550000}4026root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.541{ec2a2542-2982-6254-d8bf-0acd3d560000}4027/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/036-libcairo2_1.15.10-2ubuntu0.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.542{ec2a2542-2982-6254-406a-e4cc69550000}4028/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/036-libcairo2_1.15.10-2ubuntu0.1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.542{ec2a2542-2982-6254-d8bf-0acd3d560000}4027/usr/bin/dpkg-splitroot 154100x800000000000000029283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.544{ec2a2542-2982-6254-b0a3-7df8c3550000}4031/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2982-6254-406a-e4cc69550000}4028/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.544{ec2a2542-2982-6254-0000-000000000000}4029-root 534500x800000000000000029284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.546{ec2a2542-2982-6254-0000-000000000000}4030-root 534500x800000000000000029286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.547{ec2a2542-2982-6254-406a-e4cc69550000}4028/usr/bin/dpkg-debroot 534500x800000000000000029285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.547{ec2a2542-2982-6254-b0a3-7df8c3550000}4031/bin/tarroot 154100x800000000000000029287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.570{ec2a2542-2982-6254-40fa-755919560000}4032/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/036-libcairo2_1.15.10-2ubuntu0.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.632{ec2a2542-2982-6254-0000-000000000000}4033-root 534500x800000000000000029289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.635{ec2a2542-2982-6254-0000-000000000000}4034-root 534500x800000000000000029290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.636{ec2a2542-2982-6254-40fa-755919560000}4032/usr/bin/dpkg-debroot 154100x800000000000000029291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.655{ec2a2542-2982-6254-7003-296130560000}4035/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.656{ec2a2542-2982-6254-7003-296130560000}4035/bin/rmroot 23542300x800000000000000029292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.656{ec2a2542-2982-6254-7003-296130560000}4035root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.657{ec2a2542-2982-6254-d82f-95f4e1550000}4036/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/037-libtheora0_1.1.1+dfsg.1-14_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.658{ec2a2542-2982-6254-401a-8b87ae550000}4037/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/037-libtheora0_1.1.1+dfsg.1-14_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.658{ec2a2542-2982-6254-d82f-95f4e1550000}4036/usr/bin/dpkg-splitroot 154100x800000000000000029298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.660{ec2a2542-2982-6254-b003-a035fa550000}4040/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2982-6254-401a-8b87ae550000}4037/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.660{ec2a2542-2982-6254-0000-000000000000}4038-root 534500x800000000000000029299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.661{ec2a2542-2982-6254-0000-000000000000}4039-root 534500x800000000000000029301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.663{ec2a2542-2982-6254-401a-8b87ae550000}4037/usr/bin/dpkg-debroot 534500x800000000000000029300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.663{ec2a2542-2982-6254-b003-a035fa550000}4040/bin/tarroot 154100x800000000000000029302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.689{ec2a2542-2982-6254-409a-6f7459550000}4041/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/037-libtheora0_1.1.1+dfsg.1-14_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.701{ec2a2542-2982-6254-0000-000000000000}4042-root 534500x800000000000000029305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.713{ec2a2542-2982-6254-409a-6f7459550000}4041/usr/bin/dpkg-debroot 534500x800000000000000029304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.713{ec2a2542-2982-6254-0000-000000000000}4043-root 154100x800000000000000029306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.755{ec2a2542-2982-6254-7013-9d3833560000}4044/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000029307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.756{ec2a2542-2982-6254-7013-9d3833560000}4044root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.757{ec2a2542-2982-6254-d89f-19db14560000}4045/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/038-libvisual-0.4-0_0.4.0-11_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.757{ec2a2542-2982-6254-7013-9d3833560000}4044/bin/rmroot 154100x800000000000000029311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.758{ec2a2542-2982-6254-400a-303729560000}4046/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/038-libvisual-0.4-0_0.4.0-11_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.758{ec2a2542-2982-6254-d89f-19db14560000}4045/usr/bin/dpkg-splitroot 154100x800000000000000029313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.760{ec2a2542-2982-6254-b003-c1feed550000}4049/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2982-6254-400a-303729560000}4046/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.760{ec2a2542-2982-6254-0000-000000000000}4047-root 534500x800000000000000029314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.761{ec2a2542-2982-6254-0000-000000000000}4048-root 534500x800000000000000029315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.762{ec2a2542-2982-6254-b003-c1feed550000}4049/bin/tarroot 534500x800000000000000029316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.763{ec2a2542-2982-6254-400a-303729560000}4046/usr/bin/dpkg-debroot 154100x800000000000000029317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.784{ec2a2542-2982-6254-401a-89a247560000}4050/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/038-libvisual-0.4-0_0.4.0-11_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.792{ec2a2542-2982-6254-0000-000000000000}4051-root 534500x800000000000000029320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.797{ec2a2542-2982-6254-401a-89a247560000}4050/usr/bin/dpkg-debroot 534500x800000000000000029319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.797{00000000-0000-0000-0000-000000000000}4052<unknown process>root 154100x800000000000000029321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.816{ec2a2542-2982-6254-7023-6fefff550000}4053/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.817{ec2a2542-2982-6254-7023-6fefff550000}4053/bin/rmroot 23542300x800000000000000029322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.817{ec2a2542-2982-6254-7023-6fefff550000}4053root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.818{ec2a2542-2982-6254-d84f-b70f73550000}4054/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/039-libvorbis0a_1.3.5-4.2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.819{ec2a2542-2982-6254-40ca-94791b560000}4055/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/039-libvorbis0a_1.3.5-4.2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.819{ec2a2542-2982-6254-d84f-b70f73550000}4054/usr/bin/dpkg-splitroot 154100x800000000000000029328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.821{ec2a2542-2982-6254-b0f3-72f257550000}4058/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2982-6254-40ca-94791b560000}4055/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.821{ec2a2542-2982-6254-0000-000000000000}4056-root 534500x800000000000000029329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.822{ec2a2542-2982-6254-0000-000000000000}4057-root 534500x800000000000000029330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.823{ec2a2542-2982-6254-b0f3-72f257550000}4058/bin/tarroot 534500x800000000000000029331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.824{ec2a2542-2982-6254-40ca-94791b560000}4055/usr/bin/dpkg-debroot 154100x800000000000000029332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.846{ec2a2542-2982-6254-403a-7e8c6b550000}4059/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/039-libvorbis0a_1.3.5-4.2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.851{ec2a2542-2982-6254-0000-000000000000}4060-root 534500x800000000000000029335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.858{ec2a2542-2982-6254-403a-7e8c6b550000}4059/usr/bin/dpkg-debroot 534500x800000000000000029334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.858{ec2a2542-2982-6254-0000-000000000000}4061-root 154100x800000000000000029336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.875{ec2a2542-2982-6254-70c3-c7a2e2550000}4062/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.876{ec2a2542-2982-6254-d82f-100383550000}4063/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/040-libvorbisenc2_1.3.5-4.2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.876{ec2a2542-2982-6254-70c3-c7a2e2550000}4062/bin/rmroot 23542300x800000000000000029337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.876{ec2a2542-2982-6254-70c3-c7a2e2550000}4062root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.878{ec2a2542-2982-6254-40ba-e31959550000}4064/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/040-libvorbisenc2_1.3.5-4.2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.878{ec2a2542-2982-6254-d82f-100383550000}4063/usr/bin/dpkg-splitroot 154100x800000000000000029343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.880{ec2a2542-2982-6254-b0b3-480f3e560000}4067/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2982-6254-40ba-e31959550000}4064/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.880{ec2a2542-2982-6254-0000-000000000000}4065-root 534500x800000000000000029344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.881{ec2a2542-2982-6254-0000-000000000000}4066-root 534500x800000000000000029346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.882{ec2a2542-2982-6254-40ba-e31959550000}4064/usr/bin/dpkg-debroot 534500x800000000000000029345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.882{ec2a2542-2982-6254-b0b3-480f3e560000}4067/bin/tarroot 154100x800000000000000029347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.908{ec2a2542-2982-6254-401a-a9777b550000}4068/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/040-libvorbisenc2_1.3.5-4.2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.913{ec2a2542-2982-6254-0000-000000000000}4069-root 534500x800000000000000029350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.924{ec2a2542-2982-6254-401a-a9777b550000}4068/usr/bin/dpkg-debroot 534500x800000000000000029349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.924{00000000-0000-0000-0000-000000000000}4070<unknown process>root 154100x800000000000000029351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.975{ec2a2542-2982-6254-70b3-e0f6dd550000}4071/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.977{ec2a2542-2982-6254-d88f-14dc38560000}4072/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/041-gstreamer1.0-plugins-base_1.14.5-0ubuntu1~18.04.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.977{ec2a2542-2982-6254-70b3-e0f6dd550000}4071/bin/rmroot 23542300x800000000000000029352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.977{ec2a2542-2982-6254-70b3-e0f6dd550000}4071root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.978{ec2a2542-2982-6254-407a-59c293550000}4073/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/041-gstreamer1.0-plugins-base_1.14.5-0ubuntu1~18.04.3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.978{ec2a2542-2982-6254-d88f-14dc38560000}4072/usr/bin/dpkg-splitroot 154100x800000000000000029358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.981{ec2a2542-2982-6254-b0d3-e7379e550000}4076/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2982-6254-407a-59c293550000}4073/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.981{ec2a2542-2982-6254-0000-000000000000}4074-root 534500x800000000000000029359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.982{ec2a2542-2982-6254-0000-000000000000}4075-root 534500x800000000000000029360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.983{ec2a2542-2982-6254-b0d3-e7379e550000}4076/bin/tarroot 534500x800000000000000029361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:38.987{ec2a2542-2982-6254-407a-59c293550000}4073/usr/bin/dpkg-debroot 154100x800000000000000029362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.003{ec2a2542-2983-6254-404a-fc7952560000}4077/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/041-gstreamer1.0-plugins-base_1.14.5-0ubuntu1~18.04.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.072{ec2a2542-2982-6254-0000-000000000000}4078-root 534500x800000000000000029365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.084{ec2a2542-2983-6254-404a-fc7952560000}4077/usr/bin/dpkg-debroot 534500x800000000000000029364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.084{00000000-0000-0000-0000-000000000000}4079<unknown process>root 154100x800000000000000029366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.107{ec2a2542-2983-6254-70f3-2911ba550000}4080/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.108{ec2a2542-2983-6254-70f3-2911ba550000}4080/bin/rmroot 23542300x800000000000000029367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.108{ec2a2542-2983-6254-70f3-2911ba550000}4080root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.109{ec2a2542-2983-6254-d8ff-9d5a45560000}4081/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/042-libaa1_1.4p5-44build2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.110{ec2a2542-2983-6254-400a-51f745560000}4082/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/042-libaa1_1.4p5-44build2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.110{ec2a2542-2983-6254-d8ff-9d5a45560000}4081/usr/bin/dpkg-splitroot 154100x800000000000000029373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.112{ec2a2542-2983-6254-b073-689030560000}4085/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2983-6254-400a-51f745560000}4082/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.112{ec2a2542-2983-6254-0000-000000000000}4083-root 534500x800000000000000029374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.113{ec2a2542-2983-6254-0000-000000000000}4084-root 534500x800000000000000029376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.115{ec2a2542-2983-6254-400a-51f745560000}4082/usr/bin/dpkg-debroot 534500x800000000000000029375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.115{ec2a2542-2983-6254-b073-689030560000}4085/bin/tarroot 154100x800000000000000029377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.137{ec2a2542-2983-6254-40ca-93b7c0550000}4086/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/042-libaa1_1.4p5-44build2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.139{ec2a2542-2983-6254-0000-000000000000}4087-root 534500x800000000000000029379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.144{00000000-0000-0000-0000-000000000000}4088<unknown process>root 534500x800000000000000029380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.145{ec2a2542-2983-6254-40ca-93b7c0550000}4086/usr/bin/dpkg-debroot 154100x800000000000000029381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.166{ec2a2542-2983-6254-7083-355ab2550000}4089/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.168{ec2a2542-2983-6254-d85f-c64c33560000}4090/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/043-libraw1394-11_2.1.2-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.168{ec2a2542-2983-6254-7083-355ab2550000}4089/bin/rmroot 23542300x800000000000000029382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.168{ec2a2542-2983-6254-7083-355ab2550000}4089root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.170{ec2a2542-2983-6254-408a-9d1b8c550000}4091/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/043-libraw1394-11_2.1.2-1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.170{ec2a2542-2983-6254-d85f-c64c33560000}4090/usr/bin/dpkg-splitroot 154100x800000000000000029388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.174{ec2a2542-2983-6254-b0d3-67f04d560000}4094/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2983-6254-408a-9d1b8c550000}4091/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.174{ec2a2542-2983-6254-0000-000000000000}4092-root 534500x800000000000000029389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.175{ec2a2542-2983-6254-0000-000000000000}4093-root 534500x800000000000000029391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.177{ec2a2542-2983-6254-408a-9d1b8c550000}4091/usr/bin/dpkg-debroot 534500x800000000000000029390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.177{ec2a2542-2983-6254-b0d3-67f04d560000}4094/bin/tarroot 154100x800000000000000029392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.199{ec2a2542-2983-6254-40ea-0f58ff550000}4095/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/043-libraw1394-11_2.1.2-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.201{ec2a2542-2983-6254-0000-000000000000}4096-root 534500x800000000000000029395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.205{ec2a2542-2983-6254-40ea-0f58ff550000}4095/usr/bin/dpkg-debroot 534500x800000000000000029394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.205{00000000-0000-0000-0000-000000000000}4097<unknown process>root 154100x800000000000000029396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.226{ec2a2542-2983-6254-7093-b49170550000}4098/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.227{ec2a2542-2983-6254-d8df-06aea4550000}4099/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/044-libavc1394-0_0.5.4-4build1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.227{ec2a2542-2983-6254-7093-b49170550000}4098/bin/rmroot 23542300x800000000000000029397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.227{ec2a2542-2983-6254-7093-b49170550000}4098root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.229{ec2a2542-2983-6254-401a-1d7e26560000}4100/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/044-libavc1394-0_0.5.4-4build1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.229{ec2a2542-2983-6254-d8df-06aea4550000}4099/usr/bin/dpkg-splitroot 154100x800000000000000029403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.231{ec2a2542-2983-6254-b013-02b543560000}4103/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2983-6254-401a-1d7e26560000}4100/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.231{ec2a2542-2983-6254-0000-000000000000}4101-root 534500x800000000000000029404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.232{ec2a2542-2983-6254-0000-000000000000}4102-root 534500x800000000000000029406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.233{ec2a2542-2983-6254-401a-1d7e26560000}4100/usr/bin/dpkg-debroot 534500x800000000000000029405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.233{ec2a2542-2983-6254-b013-02b543560000}4103/bin/tarroot 154100x800000000000000029407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.259{ec2a2542-2983-6254-40da-4e3e1b560000}4104/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/044-libavc1394-0_0.5.4-4build1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.261{ec2a2542-2983-6254-0000-000000000000}4105-root 534500x800000000000000029410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.263{ec2a2542-2983-6254-40da-4e3e1b560000}4104/usr/bin/dpkg-debroot 534500x800000000000000029409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.263{00000000-0000-0000-0000-000000000000}4106<unknown process>root 154100x800000000000000029411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.285{ec2a2542-2983-6254-70c3-a9e2cd550000}4107/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000029412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.286{ec2a2542-2983-6254-70c3-a9e2cd550000}4107root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.287{ec2a2542-2983-6254-d89f-e5a0d0550000}4108/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/045-libcaca0_0.99.beta19-2ubuntu0.18.04.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.287{ec2a2542-2983-6254-70c3-a9e2cd550000}4107/bin/rmroot 154100x800000000000000029416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.288{ec2a2542-2983-6254-40ba-178dec550000}4109/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/045-libcaca0_0.99.beta19-2ubuntu0.18.04.3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.288{ec2a2542-2983-6254-d89f-e5a0d0550000}4108/usr/bin/dpkg-splitroot 154100x800000000000000029418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.291{ec2a2542-2983-6254-b043-c7d088550000}4112/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2983-6254-40ba-178dec550000}4109/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.291{ec2a2542-2983-6254-0000-000000000000}4110-root 534500x800000000000000029419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.292{ec2a2542-2983-6254-0000-000000000000}4111-root 534500x800000000000000029421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.293{ec2a2542-2983-6254-40ba-178dec550000}4109/usr/bin/dpkg-debroot 534500x800000000000000029420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.293{ec2a2542-2983-6254-b043-c7d088550000}4112/bin/tarroot 154100x800000000000000029422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.316{ec2a2542-2983-6254-405a-101ae1550000}4113/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/045-libcaca0_0.99.beta19-2ubuntu0.18.04.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.334{ec2a2542-2983-6254-0000-000000000000}4114-root 534500x800000000000000029425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.343{ec2a2542-2983-6254-405a-101ae1550000}4113/usr/bin/dpkg-debroot 534500x800000000000000029424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.343{00000000-0000-0000-0000-000000000000}4115<unknown process>root 154100x800000000000000029426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.394{ec2a2542-2983-6254-70b3-08557d550000}4116/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.395{ec2a2542-2983-6254-d8ef-42e4ab550000}4117/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/046-libcairo-gobject2_1.15.10-2ubuntu0.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.395{ec2a2542-2983-6254-70b3-08557d550000}4116/bin/rmroot 23542300x800000000000000029427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.395{ec2a2542-2983-6254-70b3-08557d550000}4116root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.397{ec2a2542-2983-6254-406a-dc526d550000}4118/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/046-libcairo-gobject2_1.15.10-2ubuntu0.1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.397{ec2a2542-2983-6254-d8ef-42e4ab550000}4117/usr/bin/dpkg-splitroot 154100x800000000000000029433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.399{ec2a2542-2983-6254-b023-d94774550000}4121/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2983-6254-406a-dc526d550000}4118/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.399{ec2a2542-2983-6254-0000-000000000000}4119-root 534500x800000000000000029434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.400{ec2a2542-2983-6254-0000-000000000000}4120-root 534500x800000000000000029436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.402{ec2a2542-2983-6254-406a-dc526d550000}4118/usr/bin/dpkg-debroot 534500x800000000000000029435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.402{ec2a2542-2983-6254-b023-d94774550000}4121/bin/tarroot 154100x800000000000000029437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.425{ec2a2542-2983-6254-405a-08d7a5550000}4122/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/046-libcairo-gobject2_1.15.10-2ubuntu0.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.428{ec2a2542-2983-6254-0000-000000000000}4123-root 534500x800000000000000029439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.435{ec2a2542-2983-6254-0000-000000000000}4124-root 534500x800000000000000029440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.437{ec2a2542-2983-6254-405a-08d7a5550000}4122/usr/bin/dpkg-debroot 154100x800000000000000029441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.455{ec2a2542-2983-6254-70f3-48a5b8550000}4125/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.457{ec2a2542-2983-6254-d88f-9d7727560000}4126/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/047-libdv4_1.0.0-11_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.457{ec2a2542-2983-6254-70f3-48a5b8550000}4125/bin/rmroot 23542300x800000000000000029442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.457{ec2a2542-2983-6254-70f3-48a5b8550000}4125root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000029445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.458{ec2a2542-2983-6254-d88f-9d7727560000}4126/usr/bin/dpkg-splitroot 154100x800000000000000029446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.459{ec2a2542-2983-6254-408a-4847fb550000}4127/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/047-libdv4_1.0.0-11_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.461{ec2a2542-2983-6254-0000-000000000000}4129-root 154100x800000000000000029448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.461{ec2a2542-2983-6254-b043-5d8e07560000}4130/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2983-6254-408a-4847fb550000}4127/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.461{ec2a2542-2983-6254-0000-000000000000}4128-root 534500x800000000000000029451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.463{ec2a2542-2983-6254-408a-4847fb550000}4127/usr/bin/dpkg-debroot 534500x800000000000000029450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.463{ec2a2542-2983-6254-b043-5d8e07560000}4130/bin/tarroot 154100x800000000000000029452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.490{ec2a2542-2983-6254-40aa-158f96550000}4131/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/047-libdv4_1.0.0-11_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.492{ec2a2542-2983-6254-0000-000000000000}4132-root 534500x800000000000000029454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.500{00000000-0000-0000-0000-000000000000}4133<unknown process>root 534500x800000000000000029455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.501{ec2a2542-2983-6254-40aa-158f96550000}4131/usr/bin/dpkg-debroot 154100x800000000000000029456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.517{ec2a2542-2983-6254-7003-d00a28560000}4134/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.518{ec2a2542-2983-6254-d80f-63158c550000}4135/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/048-libflac8_1.3.2-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.518{ec2a2542-2983-6254-7003-d00a28560000}4134/bin/rmroot 23542300x800000000000000029457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.518{ec2a2542-2983-6254-7003-d00a28560000}4134root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.520{ec2a2542-2983-6254-40fa-13b3ad550000}4136/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/048-libflac8_1.3.2-1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.520{ec2a2542-2983-6254-d80f-63158c550000}4135/usr/bin/dpkg-splitroot 534500x800000000000000029464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.522{ec2a2542-2983-6254-0000-000000000000}4138-root 154100x800000000000000029463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.522{ec2a2542-2983-6254-b063-54d512560000}4139/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2983-6254-40fa-13b3ad550000}4136/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.522{ec2a2542-2983-6254-0000-000000000000}4137-root 534500x800000000000000029465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.524{ec2a2542-2983-6254-b063-54d512560000}4139/bin/tarroot 534500x800000000000000029466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.525{ec2a2542-2983-6254-40fa-13b3ad550000}4136/usr/bin/dpkg-debroot 154100x800000000000000029467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.545{ec2a2542-2983-6254-405a-fb08aa550000}4140/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/048-libflac8_1.3.2-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.563{ec2a2542-2983-6254-0000-000000000000}4141-root 534500x800000000000000029470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.572{ec2a2542-2983-6254-405a-fb08aa550000}4140/usr/bin/dpkg-debroot 534500x800000000000000029469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.572{00000000-0000-0000-0000-000000000000}4142<unknown process>root 154100x800000000000000029471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.591{ec2a2542-2983-6254-7033-d4d12a560000}4143/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.593{ec2a2542-2983-6254-d8cf-e01074550000}4144/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/049-libjpeg8_8c-2ubuntu8_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.593{ec2a2542-2983-6254-7033-d4d12a560000}4143/bin/rmroot 23542300x800000000000000029472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.593{ec2a2542-2983-6254-7033-d4d12a560000}4143root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000029475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.594{ec2a2542-2983-6254-d8cf-e01074550000}4144/usr/bin/dpkg-splitroot 154100x800000000000000029476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.595{ec2a2542-2983-6254-406a-fceef6550000}4145/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/049-libjpeg8_8c-2ubuntu8_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.596{ec2a2542-2983-6254-b083-dcbb6e550000}4148/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2983-6254-406a-fceef6550000}4145/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.596{ec2a2542-2983-6254-0000-000000000000}4146-root 534500x800000000000000029478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.597{ec2a2542-2983-6254-0000-000000000000}4147-root 534500x800000000000000029481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.599{ec2a2542-2983-6254-406a-fceef6550000}4145/usr/bin/dpkg-debroot 534500x800000000000000029480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.599{ec2a2542-2983-6254-b083-dcbb6e550000}4148/bin/tarroot 154100x800000000000000029482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.615{ec2a2542-2983-6254-408a-f8664f560000}4149/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/049-libjpeg8_8c-2ubuntu8_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.618{ec2a2542-2983-6254-408a-f8664f560000}4149/usr/bin/dpkg-debroot 534500x800000000000000029484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.618{00000000-0000-0000-0000-000000000000}4151<unknown process>root 534500x800000000000000029483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.618{ec2a2542-2983-6254-0000-000000000000}4150-root 154100x800000000000000029486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.637{ec2a2542-2983-6254-70f3-2e6b0b560000}4152/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.638{ec2a2542-2983-6254-d84f-a277d7550000}4153/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/050-libjbig0_2.1-3.1build1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.638{ec2a2542-2983-6254-70f3-2e6b0b560000}4152/bin/rmroot 23542300x800000000000000029487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.638{ec2a2542-2983-6254-70f3-2e6b0b560000}4152root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.640{ec2a2542-2983-6254-40fa-408a1e560000}4154/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/050-libjbig0_2.1-3.1build1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.640{ec2a2542-2983-6254-d84f-a277d7550000}4153/usr/bin/dpkg-splitroot 154100x800000000000000029493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.642{ec2a2542-2983-6254-b033-b62207560000}4157/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2983-6254-40fa-408a1e560000}4154/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.642{ec2a2542-2983-6254-0000-000000000000}4155-root 534500x800000000000000029494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.646{ec2a2542-2983-6254-0000-000000000000}4156-root 534500x800000000000000029496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.647{ec2a2542-2983-6254-40fa-408a1e560000}4154/usr/bin/dpkg-debroot 534500x800000000000000029495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.647{ec2a2542-2983-6254-b033-b62207560000}4157/bin/tarroot 154100x800000000000000029497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.670{ec2a2542-2983-6254-406a-e16575550000}4158/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/050-libjbig0_2.1-3.1build1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.672{ec2a2542-2983-6254-0000-000000000000}4159-root 534500x800000000000000029500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.675{ec2a2542-2983-6254-406a-e16575550000}4158/usr/bin/dpkg-debroot 534500x800000000000000029499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.675{00000000-0000-0000-0000-000000000000}4160<unknown process>root 154100x800000000000000029501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.697{ec2a2542-2983-6254-7013-a98957550000}4161/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.698{ec2a2542-2983-6254-7013-a98957550000}4161/bin/rmroot 23542300x800000000000000029502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.698{ec2a2542-2983-6254-7013-a98957550000}4161root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.699{ec2a2542-2983-6254-d82f-7f3259550000}4162/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/051-libtiff5_4.0.9-5ubuntu0.4_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.701{ec2a2542-2983-6254-401a-da6a89550000}4163/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/051-libtiff5_4.0.9-5ubuntu0.4_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.701{ec2a2542-2983-6254-d82f-7f3259550000}4162/usr/bin/dpkg-splitroot 154100x800000000000000029508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.703{ec2a2542-2983-6254-b0f3-cd330d560000}4166/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2983-6254-401a-da6a89550000}4163/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.703{ec2a2542-2983-6254-0000-000000000000}4164-root 534500x800000000000000029509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.705{ec2a2542-2983-6254-0000-000000000000}4165-root 534500x800000000000000029511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.708{ec2a2542-2983-6254-401a-da6a89550000}4163/usr/bin/dpkg-debroot 534500x800000000000000029510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.708{ec2a2542-2983-6254-b0f3-cd330d560000}4166/bin/tarroot 154100x800000000000000029512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.731{ec2a2542-2983-6254-404a-950618560000}4167/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/051-libtiff5_4.0.9-5ubuntu0.4_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.741{ec2a2542-2983-6254-0000-000000000000}4168-root 534500x800000000000000029515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.748{ec2a2542-2983-6254-404a-950618560000}4167/usr/bin/dpkg-debroot 534500x800000000000000029514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.748{00000000-0000-0000-0000-000000000000}4169<unknown process>root 154100x800000000000000029516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.768{ec2a2542-2983-6254-7023-671481550000}4170/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.770{ec2a2542-2983-6254-d88f-3a1137560000}4171/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/052-libgdk-pixbuf2.0-common_2.36.11-2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.770{ec2a2542-2983-6254-7023-671481550000}4170/bin/rmroot 23542300x800000000000000029517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.770{ec2a2542-2983-6254-7023-671481550000}4170root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.772{ec2a2542-2983-6254-407a-6eabc9550000}4172/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/052-libgdk-pixbuf2.0-common_2.36.11-2_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.772{ec2a2542-2983-6254-d88f-3a1137560000}4171/usr/bin/dpkg-splitroot 154100x800000000000000029523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.774{ec2a2542-2983-6254-b043-c95e90550000}4175/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2983-6254-407a-6eabc9550000}4172/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.774{ec2a2542-2983-6254-0000-000000000000}4173-root 534500x800000000000000029524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.775{ec2a2542-2983-6254-0000-000000000000}4174-root 534500x800000000000000029525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.776{ec2a2542-2983-6254-b043-c95e90550000}4175/bin/tarroot 534500x800000000000000029526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.777{ec2a2542-2983-6254-407a-6eabc9550000}4172/usr/bin/dpkg-debroot 154100x800000000000000029527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.805{ec2a2542-2983-6254-40ca-9e26cb550000}4176/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/052-libgdk-pixbuf2.0-common_2.36.11-2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.807{ec2a2542-2983-6254-0000-000000000000}4177-root 534500x800000000000000029530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.809{ec2a2542-2983-6254-40ca-9e26cb550000}4176/usr/bin/dpkg-debroot 534500x800000000000000029529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.809{ec2a2542-2983-6254-0000-000000000000}4178-root 154100x800000000000000029531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.826{ec2a2542-2983-6254-7073-a41e9a550000}4179/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.828{ec2a2542-2983-6254-d83f-b960db550000}4180/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/053-libgdk-pixbuf2.0-0_2.36.11-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.828{ec2a2542-2983-6254-7073-a41e9a550000}4179/bin/rmroot 23542300x800000000000000029532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.828{ec2a2542-2983-6254-7073-a41e9a550000}4179root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.829{ec2a2542-2983-6254-40ca-e165d5550000}4181/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/053-libgdk-pixbuf2.0-0_2.36.11-2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.829{ec2a2542-2983-6254-d83f-b960db550000}4180/usr/bin/dpkg-splitroot 154100x800000000000000029538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.831{ec2a2542-2983-6254-b083-22d01f560000}4184/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2983-6254-40ca-e165d5550000}4181/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.831{ec2a2542-2983-6254-0000-000000000000}4182-root 534500x800000000000000029539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.833{ec2a2542-2983-6254-0000-000000000000}4183-root 534500x800000000000000029541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.834{ec2a2542-2983-6254-40ca-e165d5550000}4181/usr/bin/dpkg-debroot 534500x800000000000000029540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.834{ec2a2542-2983-6254-b083-22d01f560000}4184/bin/tarroot 154100x800000000000000029542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.861{ec2a2542-2983-6254-407a-35cd33560000}4185/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/053-libgdk-pixbuf2.0-0_2.36.11-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.876{ec2a2542-2983-6254-0000-000000000000}4186-root 534500x800000000000000029545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.882{ec2a2542-2983-6254-407a-35cd33560000}4185/usr/bin/dpkg-debroot 534500x800000000000000029544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.882{00000000-0000-0000-0000-000000000000}4187<unknown process>root 154100x800000000000000029546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.927{ec2a2542-2983-6254-7083-ec1b7c550000}4188/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.928{ec2a2542-2983-6254-7083-ec1b7c550000}4188/bin/rmroot 23542300x800000000000000029547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.928{ec2a2542-2983-6254-7083-ec1b7c550000}4188root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.929{ec2a2542-2983-6254-d8ff-94d76e550000}4189/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/054-libgstreamer-plugins-good1.0-0_1.14.5-0ubuntu1~18.04.2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.931{ec2a2542-2983-6254-40aa-b5dce5550000}4190/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/054-libgstreamer-plugins-good1.0-0_1.14.5-0ubuntu1~18.04.2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.931{ec2a2542-2983-6254-d8ff-94d76e550000}4189/usr/bin/dpkg-splitroot 154100x800000000000000029553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.933{ec2a2542-2983-6254-b0a3-6c575d550000}4193/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2983-6254-40aa-b5dce5550000}4190/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.933{ec2a2542-2983-6254-0000-000000000000}4191-root 534500x800000000000000029554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.934{ec2a2542-2983-6254-0000-000000000000}4192-root 534500x800000000000000029555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.935{ec2a2542-2983-6254-b0a3-6c575d550000}4193/bin/tarroot 534500x800000000000000029556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.936{ec2a2542-2983-6254-40aa-b5dce5550000}4190/usr/bin/dpkg-debroot 154100x800000000000000029557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.955{ec2a2542-2983-6254-401a-5b066b550000}4194/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/054-libgstreamer-plugins-good1.0-0_1.14.5-0ubuntu1~18.04.2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.957{ec2a2542-2983-6254-0000-000000000000}4195-root 534500x800000000000000029559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.964{00000000-0000-0000-0000-000000000000}4196<unknown process>root 534500x800000000000000029560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.965{ec2a2542-2983-6254-401a-5b066b550000}4194/usr/bin/dpkg-debroot 154100x800000000000000029561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.984{ec2a2542-2983-6254-70e3-bbe01f560000}4197/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.985{ec2a2542-2983-6254-70e3-bbe01f560000}4197/bin/rmroot 23542300x800000000000000029562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.985{ec2a2542-2983-6254-70e3-bbe01f560000}4197root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.986{ec2a2542-2983-6254-d81f-554914560000}4198/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/055-libgudev-1.0-0_1%3a232-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.987{ec2a2542-2983-6254-40aa-d87238560000}4199/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/055-libgudev-1.0-0_1%3a232-2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.987{ec2a2542-2983-6254-d81f-554914560000}4198/usr/bin/dpkg-splitroot 154100x800000000000000029568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.989{ec2a2542-2983-6254-b033-ed1720560000}4202/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2983-6254-40aa-d87238560000}4199/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.989{ec2a2542-2983-6254-0000-000000000000}4200-root 534500x800000000000000029569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.990{ec2a2542-2983-6254-0000-000000000000}4201-root 534500x800000000000000029570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.991{ec2a2542-2983-6254-b033-ed1720560000}4202/bin/tarroot 534500x800000000000000029571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:39.992{ec2a2542-2983-6254-40aa-d87238560000}4199/usr/bin/dpkg-debroot 154100x800000000000000029572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.018{ec2a2542-2984-6254-403a-9344bc550000}4203/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/055-libgudev-1.0-0_1%3a232-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.020{ec2a2542-2984-6254-0000-000000000000}4204-root 534500x800000000000000029575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.022{ec2a2542-2984-6254-403a-9344bc550000}4203/usr/bin/dpkg-debroot 534500x800000000000000029574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.022{ec2a2542-2984-6254-0000-000000000000}4205-root 154100x800000000000000029576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.044{ec2a2542-2984-6254-70e3-da7a9d550000}4206/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.046{ec2a2542-2984-6254-d89f-ca3d75550000}4207/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/056-libiec61883-0_1.2.0-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.046{ec2a2542-2984-6254-70e3-da7a9d550000}4206/bin/rmroot 23542300x800000000000000029577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.046{ec2a2542-2984-6254-70e3-da7a9d550000}4206root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.048{ec2a2542-2984-6254-40da-0ad8d0550000}4208/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/056-libiec61883-0_1.2.0-2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.048{ec2a2542-2984-6254-d89f-ca3d75550000}4207/usr/bin/dpkg-splitroot 534500x800000000000000029584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.050{ec2a2542-2984-6254-0000-000000000000}4210-root 154100x800000000000000029583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.050{ec2a2542-2984-6254-b0b3-578f3a560000}4211/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2984-6254-40da-0ad8d0550000}4208/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.050{ec2a2542-2984-6254-0000-000000000000}4209-root 534500x800000000000000029586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.052{ec2a2542-2984-6254-40da-0ad8d0550000}4208/usr/bin/dpkg-debroot 534500x800000000000000029585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.052{ec2a2542-2984-6254-b0b3-578f3a560000}4211/bin/tarroot 154100x800000000000000029587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.075{ec2a2542-2984-6254-40da-53ffed550000}4212/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/056-libiec61883-0_1.2.0-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.077{ec2a2542-2984-6254-0000-000000000000}4213-root 534500x800000000000000029590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.080{ec2a2542-2984-6254-40da-53ffed550000}4212/usr/bin/dpkg-debroot 534500x800000000000000029589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.080{ec2a2542-2984-6254-0000-000000000000}4214-root 154100x800000000000000029591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.098{ec2a2542-2984-6254-7073-e502c1550000}4215/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000029592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.099{ec2a2542-2984-6254-7073-e502c1550000}4215root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.100{ec2a2542-2984-6254-d8af-d607c1550000}4216/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/057-libsamplerate0_0.1.9-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.100{ec2a2542-2984-6254-7073-e502c1550000}4215/bin/rmroot 534500x800000000000000029595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.101{ec2a2542-2984-6254-d8af-d607c1550000}4216/usr/bin/dpkg-splitroot 154100x800000000000000029596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.102{ec2a2542-2984-6254-402a-3f011c560000}4217/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/057-libsamplerate0_0.1.9-1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.105{ec2a2542-2984-6254-b0e3-dade36560000}4220/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2984-6254-402a-3f011c560000}4217/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.105{ec2a2542-2984-6254-0000-000000000000}4219-root 534500x800000000000000029597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.105{ec2a2542-2984-6254-0000-000000000000}4218-root 534500x800000000000000029601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.108{ec2a2542-2984-6254-402a-3f011c560000}4217/usr/bin/dpkg-debroot 534500x800000000000000029600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.108{ec2a2542-2984-6254-b0e3-dade36560000}4220/bin/tarroot 154100x800000000000000029602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.131{ec2a2542-2984-6254-406a-d7516c550000}4221/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/057-libsamplerate0_0.1.9-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.274{ec2a2542-2984-6254-0000-000000000000}4222-root 534500x800000000000000029605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.282{ec2a2542-2984-6254-406a-d7516c550000}4221/usr/bin/dpkg-debroot 534500x800000000000000029604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.282{ec2a2542-2984-6254-0000-000000000000}4223-root 154100x800000000000000029606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.305{ec2a2542-2984-6254-70c3-7597c4550000}4224/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.307{ec2a2542-2984-6254-d89f-11459a550000}4225/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/058-libjack-jackd2-0_1.9.12~dfsg-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.307{ec2a2542-2984-6254-70c3-7597c4550000}4224/bin/rmroot 23542300x800000000000000029607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.307{ec2a2542-2984-6254-70c3-7597c4550000}4224root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000029610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.308{ec2a2542-2984-6254-d89f-11459a550000}4225/usr/bin/dpkg-splitroot 154100x800000000000000029611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.309{ec2a2542-2984-6254-405a-d1eb8f550000}4226/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/058-libjack-jackd2-0_1.9.12~dfsg-2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.310{ec2a2542-2984-6254-b073-f31ac4550000}4229/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2984-6254-405a-d1eb8f550000}4226/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.311{ec2a2542-2984-6254-0000-000000000000}4227-root 534500x800000000000000029614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.312{ec2a2542-2984-6254-0000-000000000000}4228-root 534500x800000000000000029615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.313{ec2a2542-2984-6254-b073-f31ac4550000}4229/bin/tarroot 534500x800000000000000029616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.314{ec2a2542-2984-6254-405a-d1eb8f550000}4226/usr/bin/dpkg-debroot 154100x800000000000000029617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.333{ec2a2542-2984-6254-40aa-e92dab550000}4230/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/058-libjack-jackd2-0_1.9.12~dfsg-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.358{ec2a2542-2984-6254-0000-000000000000}4231-root 534500x800000000000000029619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.368{00000000-0000-0000-0000-000000000000}4232<unknown process>root 534500x800000000000000029620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.369{ec2a2542-2984-6254-40aa-e92dab550000}4230/usr/bin/dpkg-debroot 154100x800000000000000029621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.412{ec2a2542-2984-6254-7093-6decf4550000}4233/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.413{ec2a2542-2984-6254-7093-6decf4550000}4233/bin/rmroot 23542300x800000000000000029622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.413{ec2a2542-2984-6254-7093-6decf4550000}4233root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.414{ec2a2542-2984-6254-d8cf-ecb364550000}4234/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/059-libmp3lame0_3.100-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.415{ec2a2542-2984-6254-402a-1420de550000}4235/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/059-libmp3lame0_3.100-2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.415{ec2a2542-2984-6254-d8cf-ecb364550000}4234/usr/bin/dpkg-splitroot 154100x800000000000000029628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.417{ec2a2542-2984-6254-b0e3-1a15a1550000}4238/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2984-6254-402a-1420de550000}4235/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.417{ec2a2542-2984-6254-0000-000000000000}4236-root 534500x800000000000000029629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.418{ec2a2542-2984-6254-0000-000000000000}4237-root 534500x800000000000000029630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.419{ec2a2542-2984-6254-b0e3-1a15a1550000}4238/bin/tarroot 534500x800000000000000029631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.420{ec2a2542-2984-6254-402a-1420de550000}4235/usr/bin/dpkg-debroot 154100x800000000000000029632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.440{ec2a2542-2984-6254-40ca-c52ea7550000}4239/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/059-libmp3lame0_3.100-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.451{ec2a2542-2984-6254-0000-000000000000}4240-root 534500x800000000000000029635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.460{ec2a2542-2984-6254-40ca-c52ea7550000}4239/usr/bin/dpkg-debroot 534500x800000000000000029634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.460{00000000-0000-0000-0000-000000000000}4241<unknown process>root 154100x800000000000000029636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.504{ec2a2542-2984-6254-70f3-6c1765550000}4242/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.506{ec2a2542-2984-6254-d8df-a7ca89550000}4243/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/060-libmpg123-0_1.25.10-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.506{ec2a2542-2984-6254-70f3-6c1765550000}4242/bin/rmroot 23542300x800000000000000029637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.506{ec2a2542-2984-6254-70f3-6c1765550000}4242root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.507{ec2a2542-2984-6254-408a-4ae3ab550000}4244/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/060-libmpg123-0_1.25.10-1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.507{ec2a2542-2984-6254-d8df-a7ca89550000}4243/usr/bin/dpkg-splitroot 154100x800000000000000029643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.509{ec2a2542-2984-6254-b013-a87a0f560000}4247/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2984-6254-408a-4ae3ab550000}4244/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.509{ec2a2542-2984-6254-0000-000000000000}4245-root 534500x800000000000000029644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.511{ec2a2542-2984-6254-0000-000000000000}4246-root 534500x800000000000000029646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.512{ec2a2542-2984-6254-408a-4ae3ab550000}4244/usr/bin/dpkg-debroot 534500x800000000000000029645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.512{ec2a2542-2984-6254-b013-a87a0f560000}4247/bin/tarroot 154100x800000000000000029647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.533{ec2a2542-2984-6254-405a-20896d550000}4248/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/060-libmpg123-0_1.25.10-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.541{ec2a2542-2984-6254-0000-000000000000}4249-root 534500x800000000000000029649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.548{00000000-0000-0000-0000-000000000000}4250<unknown process>root 534500x800000000000000029650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.549{ec2a2542-2984-6254-405a-20896d550000}4248/usr/bin/dpkg-debroot 154100x800000000000000029651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.588{ec2a2542-2984-6254-7093-98aa79550000}4251/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.590{ec2a2542-2984-6254-7093-98aa79550000}4251/bin/rmroot 23542300x800000000000000029652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.590{ec2a2542-2984-6254-7093-98aa79550000}4251root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.593{ec2a2542-2984-6254-d87f-78be13560000}4252/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/061-libspeex1_1.2~rc1.2-1ubuntu2.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.594{ec2a2542-2984-6254-d87f-78be13560000}4252/usr/bin/dpkg-splitroot 154100x800000000000000029656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.595{ec2a2542-2984-6254-405a-912282550000}4253/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/061-libspeex1_1.2~rc1.2-1ubuntu2.1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.596{ec2a2542-2984-6254-b083-d6e4ba550000}4256/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2984-6254-405a-912282550000}4253/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.596{ec2a2542-2984-6254-0000-000000000000}4254-root 534500x800000000000000029659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.597{ec2a2542-2984-6254-0000-000000000000}4255-root 534500x800000000000000029661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.599{ec2a2542-2984-6254-405a-912282550000}4253/usr/bin/dpkg-debroot 534500x800000000000000029660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.599{ec2a2542-2984-6254-b083-d6e4ba550000}4256/bin/tarroot 154100x800000000000000029662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.618{ec2a2542-2984-6254-406a-2e46f6550000}4257/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/061-libspeex1_1.2~rc1.2-1ubuntu2.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.621{ec2a2542-2984-6254-0000-000000000000}4258-root 534500x800000000000000029665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.628{ec2a2542-2984-6254-406a-2e46f6550000}4257/usr/bin/dpkg-debroot 534500x800000000000000029664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.628{00000000-0000-0000-0000-000000000000}4259<unknown process>root 154100x800000000000000029666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.646{ec2a2542-2984-6254-70f3-34aa40560000}4260/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.647{ec2a2542-2984-6254-70f3-34aa40560000}4260/bin/rmroot 23542300x800000000000000029667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.647{ec2a2542-2984-6254-70f3-34aa40560000}4260root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.648{ec2a2542-2984-6254-d8ff-d84e38560000}4261/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/062-libshout3_2.4.1-2build1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.649{ec2a2542-2984-6254-403a-56e53c560000}4262/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/062-libshout3_2.4.1-2build1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.649{ec2a2542-2984-6254-d8ff-d84e38560000}4261/usr/bin/dpkg-splitroot 154100x800000000000000029673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.651{ec2a2542-2984-6254-b003-816d41560000}4265/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2984-6254-403a-56e53c560000}4262/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.651{ec2a2542-2984-6254-0000-000000000000}4263-root 534500x800000000000000029674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.652{ec2a2542-2984-6254-0000-000000000000}4264-root 534500x800000000000000029676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.654{ec2a2542-2984-6254-403a-56e53c560000}4262/usr/bin/dpkg-debroot 534500x800000000000000029675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.654{ec2a2542-2984-6254-b003-816d41560000}4265/bin/tarroot 154100x800000000000000029677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.679{ec2a2542-2984-6254-406a-ab2722560000}4266/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/062-libshout3_2.4.1-2build1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.681{ec2a2542-2984-6254-0000-000000000000}4267-root 534500x800000000000000029679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.686{ec2a2542-2984-6254-0000-000000000000}4268-root 534500x800000000000000029680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.687{ec2a2542-2984-6254-406a-ab2722560000}4266/usr/bin/dpkg-debroot 154100x800000000000000029681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.708{ec2a2542-2984-6254-70e3-d801e8550000}4269/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.709{ec2a2542-2984-6254-70e3-d801e8550000}4269/bin/rmroot 23542300x800000000000000029682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.709{ec2a2542-2984-6254-70e3-d801e8550000}4269root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.710{ec2a2542-2984-6254-d82f-1505ad550000}4270/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/063-libsoup2.4-1_2.62.1-1ubuntu0.4_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.711{ec2a2542-2984-6254-407a-162f54560000}4271/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/063-libsoup2.4-1_2.62.1-1ubuntu0.4_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.711{ec2a2542-2984-6254-d82f-1505ad550000}4270/usr/bin/dpkg-splitroot 154100x800000000000000029688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.713{ec2a2542-2984-6254-b033-6f24a0550000}4274/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2984-6254-407a-162f54560000}4271/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.713{ec2a2542-2984-6254-0000-000000000000}4272-root 534500x800000000000000029689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.715{ec2a2542-2984-6254-0000-000000000000}4273-root 534500x800000000000000029691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.716{ec2a2542-2984-6254-407a-162f54560000}4271/usr/bin/dpkg-debroot 534500x800000000000000029690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.716{ec2a2542-2984-6254-b033-6f24a0550000}4274/bin/tarroot 154100x800000000000000029692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.743{ec2a2542-2984-6254-404a-92b87d550000}4275/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/063-libsoup2.4-1_2.62.1-1ubuntu0.4_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.770{ec2a2542-2984-6254-0000-000000000000}4276-root 534500x800000000000000029695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.776{ec2a2542-2984-6254-404a-92b87d550000}4275/usr/bin/dpkg-debroot 534500x800000000000000029694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.776{ec2a2542-2984-6254-0000-000000000000}4277-root 154100x800000000000000029696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.818{ec2a2542-2984-6254-7073-f39545560000}4278/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.820{ec2a2542-2984-6254-d8ff-f4dad6550000}4279/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/064-libtag1v5-vanilla_1.11.1+dfsg.1-0.2build2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.820{ec2a2542-2984-6254-7073-f39545560000}4278/bin/rmroot 23542300x800000000000000029697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.820{ec2a2542-2984-6254-7073-f39545560000}4278root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000029700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.821{ec2a2542-2984-6254-d8ff-f4dad6550000}4279/usr/bin/dpkg-splitroot 154100x800000000000000029701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.822{ec2a2542-2984-6254-40da-275c79550000}4280/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/064-libtag1v5-vanilla_1.11.1+dfsg.1-0.2build2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.825{ec2a2542-2984-6254-b0b3-414604560000}4283/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2984-6254-40da-275c79550000}4280/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.825{ec2a2542-2984-6254-0000-000000000000}4281-root 534500x800000000000000029706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.828{ec2a2542-2984-6254-40da-275c79550000}4280/usr/bin/dpkg-debroot 534500x800000000000000029705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.828{ec2a2542-2984-6254-b0b3-414604560000}4283/bin/tarroot 534500x800000000000000029704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.828{ec2a2542-2984-6254-0000-000000000000}4282-root 154100x800000000000000029707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.855{ec2a2542-2984-6254-40ca-7f2d53560000}4284/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/064-libtag1v5-vanilla_1.11.1+dfsg.1-0.2build2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.877{ec2a2542-2984-6254-0000-000000000000}4285-root 534500x800000000000000029709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.886{ec2a2542-2984-6254-0000-000000000000}4286-root 534500x800000000000000029710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.889{ec2a2542-2984-6254-40ca-7f2d53560000}4284/usr/bin/dpkg-debroot 154100x800000000000000029711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.930{ec2a2542-2984-6254-70a3-956c09560000}4287/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.931{ec2a2542-2984-6254-d8af-ac72dd550000}4288/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/065-libtag1v5_1.11.1+dfsg.1-0.2build2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.931{ec2a2542-2984-6254-70a3-956c09560000}4287/bin/rmroot 23542300x800000000000000029712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.931{ec2a2542-2984-6254-70a3-956c09560000}4287root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.933{ec2a2542-2984-6254-408a-024ead550000}4289/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/065-libtag1v5_1.11.1+dfsg.1-0.2build2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.933{ec2a2542-2984-6254-d8af-ac72dd550000}4288/usr/bin/dpkg-splitroot 154100x800000000000000029718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.935{ec2a2542-2984-6254-b073-7057ca550000}4292/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2984-6254-408a-024ead550000}4289/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.935{ec2a2542-2984-6254-0000-000000000000}4290-root 534500x800000000000000029719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.936{ec2a2542-2984-6254-0000-000000000000}4291-root 534500x800000000000000029721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.938{ec2a2542-2984-6254-408a-024ead550000}4289/usr/bin/dpkg-debroot 534500x800000000000000029720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.938{ec2a2542-2984-6254-b073-7057ca550000}4292/bin/tarroot 154100x800000000000000029722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.955{ec2a2542-2984-6254-406a-6af4ba550000}4293/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/065-libtag1v5_1.11.1+dfsg.1-0.2build2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.957{00000000-0000-0000-0000-000000000000}4294<unknown process>root 534500x800000000000000029725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.959{ec2a2542-2984-6254-406a-6af4ba550000}4293/usr/bin/dpkg-debroot 534500x800000000000000029724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.959{00000000-0000-0000-0000-000000000000}4295<unknown process>root 154100x800000000000000029726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.979{ec2a2542-2984-6254-7073-cedb1c560000}4296/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.980{ec2a2542-2984-6254-d8df-243521560000}4297/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/066-libtwolame0_0.3.13-3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.980{ec2a2542-2984-6254-7073-cedb1c560000}4296/bin/rmroot 23542300x800000000000000029727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.980{ec2a2542-2984-6254-7073-cedb1c560000}4296root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.982{ec2a2542-2984-6254-407a-c39352560000}4298/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/066-libtwolame0_0.3.13-3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.982{ec2a2542-2984-6254-d8df-243521560000}4297/usr/bin/dpkg-splitroot 154100x800000000000000029733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.984{ec2a2542-2984-6254-b053-874a2b560000}4301/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2984-6254-407a-c39352560000}4298/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.984{ec2a2542-2984-6254-0000-000000000000}4299-root 534500x800000000000000029734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.985{ec2a2542-2984-6254-0000-000000000000}4300-root 534500x800000000000000029736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.986{ec2a2542-2984-6254-407a-c39352560000}4298/usr/bin/dpkg-debroot 534500x800000000000000029735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:40.986{ec2a2542-2984-6254-b053-874a2b560000}4301/bin/tarroot 154100x800000000000000029737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.008{ec2a2542-2985-6254-407a-d45c38560000}4302/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/066-libtwolame0_0.3.13-3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.010{ec2a2542-2985-6254-0000-000000000000}4303-root 534500x800000000000000029739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.015{ec2a2542-2985-6254-0000-000000000000}4304-root 534500x800000000000000029740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.016{ec2a2542-2985-6254-407a-d45c38560000}4302/usr/bin/dpkg-debroot 154100x800000000000000029741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.037{ec2a2542-2985-6254-7093-e17058550000}4305/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000029742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.038{ec2a2542-2985-6254-7093-e17058550000}4305root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.039{ec2a2542-2985-6254-d80f-0c95a2550000}4306/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/067-libv4lconvert0_1.14.2-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.039{ec2a2542-2985-6254-7093-e17058550000}4305/bin/rmroot 154100x800000000000000029746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.040{ec2a2542-2985-6254-403a-c73055560000}4307/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/067-libv4lconvert0_1.14.2-1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.040{ec2a2542-2985-6254-d80f-0c95a2550000}4306/usr/bin/dpkg-splitroot 154100x800000000000000029748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.042{ec2a2542-2985-6254-b0b3-c19ed0550000}4310/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2985-6254-403a-c73055560000}4307/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.042{ec2a2542-2985-6254-0000-000000000000}4308-root 534500x800000000000000029749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.043{ec2a2542-2985-6254-0000-000000000000}4309-root 534500x800000000000000029751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.045{ec2a2542-2985-6254-403a-c73055560000}4307/usr/bin/dpkg-debroot 534500x800000000000000029750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.045{ec2a2542-2985-6254-b0b3-c19ed0550000}4310/bin/tarroot 154100x800000000000000029752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.089{ec2a2542-2985-6254-40ea-e26a2b560000}4311/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/067-libv4lconvert0_1.14.2-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.094{ec2a2542-2985-6254-0000-000000000000}4312-root 534500x800000000000000029755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.106{ec2a2542-2985-6254-40ea-e26a2b560000}4311/usr/bin/dpkg-debroot 534500x800000000000000029754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.106{00000000-0000-0000-0000-000000000000}4313<unknown process>root 154100x800000000000000029756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.153{ec2a2542-2985-6254-70f3-c035e8550000}4314/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.154{ec2a2542-2985-6254-d82f-c4de1d560000}4315/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/068-libv4l-0_1.14.2-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.154{ec2a2542-2985-6254-70f3-c035e8550000}4314/bin/rmroot 23542300x800000000000000029757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.154{ec2a2542-2985-6254-70f3-c035e8550000}4314root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.156{ec2a2542-2985-6254-40aa-cf7fcd550000}4316/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/068-libv4l-0_1.14.2-1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.156{ec2a2542-2985-6254-d82f-c4de1d560000}4315/usr/bin/dpkg-splitroot 154100x800000000000000029763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.158{ec2a2542-2985-6254-b003-506e88550000}4319/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2985-6254-40aa-cf7fcd550000}4316/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.158{ec2a2542-2985-6254-0000-000000000000}4317-root 534500x800000000000000029764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.159{ec2a2542-2985-6254-0000-000000000000}4318-root 534500x800000000000000029765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.161{ec2a2542-2985-6254-b003-506e88550000}4319/bin/tarroot 534500x800000000000000029766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.162{ec2a2542-2985-6254-40aa-cf7fcd550000}4316/usr/bin/dpkg-debroot 154100x800000000000000029767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.184{ec2a2542-2985-6254-402a-54edf9550000}4320/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/068-libv4l-0_1.14.2-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.186{ec2a2542-2985-6254-0000-000000000000}4321-root 534500x800000000000000029770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.195{ec2a2542-2985-6254-402a-54edf9550000}4320/usr/bin/dpkg-debroot 534500x800000000000000029769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.195{00000000-0000-0000-0000-000000000000}4322<unknown process>root 154100x800000000000000029771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.211{ec2a2542-2985-6254-7063-30ed21560000}4323/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.213{ec2a2542-2985-6254-7063-30ed21560000}4323/bin/rmroot 23542300x800000000000000029772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.213{ec2a2542-2985-6254-7063-30ed21560000}4323root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.214{ec2a2542-2985-6254-d83f-8bd4fa550000}4324/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/069-libvpx5_1.7.0-3ubuntu0.18.04.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.216{ec2a2542-2985-6254-409a-ce1043560000}4325/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/069-libvpx5_1.7.0-3ubuntu0.18.04.1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.216{ec2a2542-2985-6254-d83f-8bd4fa550000}4324/usr/bin/dpkg-splitroot 154100x800000000000000029778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.218{ec2a2542-2985-6254-b043-2ecb06560000}4328/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2985-6254-409a-ce1043560000}4325/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.218{ec2a2542-2985-6254-0000-000000000000}4326-root 534500x800000000000000029779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.219{ec2a2542-2985-6254-0000-000000000000}4327-root 534500x800000000000000029781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.221{ec2a2542-2985-6254-409a-ce1043560000}4325/usr/bin/dpkg-debroot 534500x800000000000000029780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.221{ec2a2542-2985-6254-b043-2ecb06560000}4328/bin/tarroot 154100x800000000000000029782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.245{ec2a2542-2985-6254-403a-fdc903560000}4329/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/069-libvpx5_1.7.0-3ubuntu0.18.04.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.328{ec2a2542-2985-6254-0000-000000000000}4330-root 534500x800000000000000029785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.338{ec2a2542-2985-6254-403a-fdc903560000}4329/usr/bin/dpkg-debroot 534500x800000000000000029784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.338{ec2a2542-2985-6254-0000-000000000000}4331-root 154100x800000000000000029786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.397{ec2a2542-2985-6254-70e3-36029d550000}4332/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000029787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.398{ec2a2542-2985-6254-70e3-36029d550000}4332root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.399{ec2a2542-2985-6254-d8ff-99c23b560000}4333/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/070-libwavpack1_5.1.0-2ubuntu1.5_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.399{ec2a2542-2985-6254-70e3-36029d550000}4332/bin/rmroot 154100x800000000000000029791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.401{ec2a2542-2985-6254-406a-eb6cb2550000}4334/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/070-libwavpack1_5.1.0-2ubuntu1.5_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.401{ec2a2542-2985-6254-d8ff-99c23b560000}4333/usr/bin/dpkg-splitroot 154100x800000000000000029793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.403{ec2a2542-2985-6254-b0d3-2ff1ee550000}4337/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2985-6254-406a-eb6cb2550000}4334/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.403{ec2a2542-2985-6254-0000-000000000000}4335-root 534500x800000000000000029794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.405{ec2a2542-2985-6254-0000-000000000000}4336-root 534500x800000000000000029796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.406{ec2a2542-2985-6254-406a-eb6cb2550000}4334/usr/bin/dpkg-debroot 534500x800000000000000029795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.406{ec2a2542-2985-6254-b0d3-2ff1ee550000}4337/bin/tarroot 154100x800000000000000029797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.426{ec2a2542-2985-6254-404a-cc7910560000}4338/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/070-libwavpack1_5.1.0-2ubuntu1.5_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.436{ec2a2542-2985-6254-0000-000000000000}4339-root 534500x800000000000000029800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.440{ec2a2542-2985-6254-404a-cc7910560000}4338/usr/bin/dpkg-debroot 534500x800000000000000029799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.440{00000000-0000-0000-0000-000000000000}4340<unknown process>root 154100x800000000000000029801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.457{ec2a2542-2985-6254-7033-cc7f75550000}4341/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.458{ec2a2542-2985-6254-7033-cc7f75550000}4341/bin/rmroot 23542300x800000000000000029802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.458{ec2a2542-2985-6254-7033-cc7f75550000}4341root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.459{ec2a2542-2985-6254-d80f-9bbe4c560000}4342/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/071-libxdamage1_1%3a1.1.4-3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.460{ec2a2542-2985-6254-40ca-4c2d5e550000}4343/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/071-libxdamage1_1%3a1.1.4-3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.460{ec2a2542-2985-6254-d80f-9bbe4c560000}4342/usr/bin/dpkg-splitroot 534500x800000000000000029809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.462{ec2a2542-2985-6254-0000-000000000000}4345-root 154100x800000000000000029808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.462{ec2a2542-2985-6254-b063-71c149560000}4346/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2985-6254-40ca-4c2d5e550000}4343/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.462{ec2a2542-2985-6254-0000-000000000000}4344-root 534500x800000000000000029810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.464{ec2a2542-2985-6254-b063-71c149560000}4346/bin/tarroot 534500x800000000000000029811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.465{ec2a2542-2985-6254-40ca-4c2d5e550000}4343/usr/bin/dpkg-debroot 154100x800000000000000029812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.485{ec2a2542-2985-6254-406a-cd34bb550000}4347/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/071-libxdamage1_1%3a1.1.4-3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.487{ec2a2542-2985-6254-0000-000000000000}4348-root 534500x800000000000000029815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.489{ec2a2542-2985-6254-406a-cd34bb550000}4347/usr/bin/dpkg-debroot 534500x800000000000000029814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.489{ec2a2542-2985-6254-0000-000000000000}4349-root 154100x800000000000000029816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.509{ec2a2542-2985-6254-7013-209841560000}4350/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.510{ec2a2542-2985-6254-7013-209841560000}4350/bin/rmroot 23542300x800000000000000029817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.510{ec2a2542-2985-6254-7013-209841560000}4350root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.511{ec2a2542-2985-6254-d87f-87dc8e550000}4351/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/072-libxfixes3_1%3a5.0.3-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.512{ec2a2542-2985-6254-405a-e1ab80550000}4352/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/072-libxfixes3_1%3a5.0.3-1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.512{ec2a2542-2985-6254-d87f-87dc8e550000}4351/usr/bin/dpkg-splitroot 534500x800000000000000029824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.514{ec2a2542-2985-6254-0000-000000000000}4354-root 154100x800000000000000029823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.514{ec2a2542-2985-6254-b023-09f43a560000}4355/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2985-6254-405a-e1ab80550000}4352/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.514{ec2a2542-2985-6254-0000-000000000000}4353-root 534500x800000000000000029826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.517{ec2a2542-2985-6254-405a-e1ab80550000}4352/usr/bin/dpkg-debroot 534500x800000000000000029825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.517{ec2a2542-2985-6254-b023-09f43a560000}4355/bin/tarroot 154100x800000000000000029827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.540{ec2a2542-2985-6254-402a-106486550000}4356/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/072-libxfixes3_1%3a5.0.3-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.541{ec2a2542-2985-6254-0000-000000000000}4357-root 534500x800000000000000029830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.543{ec2a2542-2985-6254-402a-106486550000}4356/usr/bin/dpkg-debroot 534500x800000000000000029829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.543{ec2a2542-2985-6254-0000-000000000000}4358-root 154100x800000000000000029831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.561{ec2a2542-2985-6254-70c3-d3bc55550000}4359/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.563{ec2a2542-2985-6254-70c3-d3bc55550000}4359/bin/rmroot 23542300x800000000000000029832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.563{ec2a2542-2985-6254-70c3-d3bc55550000}4359root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.564{ec2a2542-2985-6254-d8df-80211b560000}4360/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/073-gstreamer1.0-plugins-good_1.14.5-0ubuntu1~18.04.2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.565{ec2a2542-2985-6254-409a-e3950c560000}4361/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/073-gstreamer1.0-plugins-good_1.14.5-0ubuntu1~18.04.2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.565{ec2a2542-2985-6254-d8df-80211b560000}4360/usr/bin/dpkg-splitroot 154100x800000000000000029838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.567{ec2a2542-2985-6254-b073-2c01f0550000}4364/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2985-6254-409a-e3950c560000}4361/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.567{ec2a2542-2985-6254-0000-000000000000}4362-root 534500x800000000000000029840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.569{ec2a2542-2985-6254-b073-2c01f0550000}4364/bin/tarroot 534500x800000000000000029839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.569{ec2a2542-2985-6254-0000-000000000000}4363-root 534500x800000000000000029841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.570{ec2a2542-2985-6254-409a-e3950c560000}4361/usr/bin/dpkg-debroot 154100x800000000000000029842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.585{ec2a2542-2985-6254-40da-900467550000}4365/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/073-gstreamer1.0-plugins-good_1.14.5-0ubuntu1~18.04.2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.809{ec2a2542-2985-6254-0000-000000000000}4366-root 534500x800000000000000029844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.837{00000000-0000-0000-0000-000000000000}4367<unknown process>root 534500x800000000000000029845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.838{ec2a2542-2985-6254-40da-900467550000}4365/usr/bin/dpkg-debroot 154100x800000000000000029846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.873{ec2a2542-2985-6254-7033-a3d81c560000}4368/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.874{ec2a2542-2985-6254-7033-a3d81c560000}4368/bin/rmroot 23542300x800000000000000029847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.874{ec2a2542-2985-6254-7033-a3d81c560000}4368root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.875{ec2a2542-2985-6254-d8ff-825986550000}4369/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/074-libthai-data_0.1.27-2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.876{ec2a2542-2985-6254-40fa-8a77f9550000}4370/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/074-libthai-data_0.1.27-2_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.876{ec2a2542-2985-6254-d8ff-825986550000}4369/usr/bin/dpkg-splitroot 154100x800000000000000029853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.878{ec2a2542-2985-6254-b073-75347f550000}4373/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2985-6254-40fa-8a77f9550000}4370/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.878{ec2a2542-2985-6254-0000-000000000000}4371-root 534500x800000000000000029854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.879{ec2a2542-2985-6254-0000-000000000000}4372-root 534500x800000000000000029855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.880{ec2a2542-2985-6254-b073-75347f550000}4373/bin/tarroot 534500x800000000000000029856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.881{ec2a2542-2985-6254-40fa-8a77f9550000}4370/usr/bin/dpkg-debroot 154100x800000000000000029857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.906{ec2a2542-2985-6254-409a-230a03560000}4374/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/074-libthai-data_0.1.27-2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.920{ec2a2542-2985-6254-0000-000000000000}4375-root 534500x800000000000000029860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.931{ec2a2542-2985-6254-409a-230a03560000}4374/usr/bin/dpkg-debroot 534500x800000000000000029859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.931{00000000-0000-0000-0000-000000000000}4376<unknown process>root 154100x800000000000000029861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.953{ec2a2542-2985-6254-7013-8d86fd550000}4377/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.954{ec2a2542-2985-6254-7013-8d86fd550000}4377/bin/rmroot 23542300x800000000000000029862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.954{ec2a2542-2985-6254-7013-8d86fd550000}4377root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.955{ec2a2542-2985-6254-d80f-90fbe1550000}4378/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/075-libdatrie1_0.2.10-7_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.956{ec2a2542-2985-6254-404a-5a8445560000}4379/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/075-libdatrie1_0.2.10-7_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.956{ec2a2542-2985-6254-d80f-90fbe1550000}4378/usr/bin/dpkg-splitroot 154100x800000000000000029868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.958{ec2a2542-2985-6254-b0e3-e2cb09560000}4382/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2985-6254-404a-5a8445560000}4379/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.958{ec2a2542-2985-6254-0000-000000000000}4380-root 534500x800000000000000029869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.959{ec2a2542-2985-6254-0000-000000000000}4381-root 534500x800000000000000029870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.960{ec2a2542-2985-6254-b0e3-e2cb09560000}4382/bin/tarroot 534500x800000000000000029871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.961{ec2a2542-2985-6254-404a-5a8445560000}4379/usr/bin/dpkg-debroot 154100x800000000000000029872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.985{ec2a2542-2985-6254-409a-74f8ee550000}4383/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/075-libdatrie1_0.2.10-7_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.987{ec2a2542-2985-6254-0000-000000000000}4384-root 534500x800000000000000029875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.990{ec2a2542-2985-6254-409a-74f8ee550000}4383/usr/bin/dpkg-debroot 534500x800000000000000029874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:41.990{00000000-0000-0000-0000-000000000000}4385<unknown process>root 154100x800000000000000029876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.011{ec2a2542-2986-6254-7033-9deeca550000}4386/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.012{ec2a2542-2986-6254-7033-9deeca550000}4386/bin/rmroot 23542300x800000000000000029877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.012{ec2a2542-2986-6254-7033-9deeca550000}4386root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.013{ec2a2542-2986-6254-d8bf-d2cc04560000}4387/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/076-libthai0_0.1.27-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.014{ec2a2542-2986-6254-408a-87e60f560000}4388/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/076-libthai0_0.1.27-2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.014{ec2a2542-2986-6254-d8bf-d2cc04560000}4387/usr/bin/dpkg-splitroot 154100x800000000000000029883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.016{ec2a2542-2986-6254-b063-4c1041560000}4391/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2986-6254-408a-87e60f560000}4388/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.016{ec2a2542-2986-6254-0000-000000000000}4389-root 534500x800000000000000029884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.017{ec2a2542-2986-6254-0000-000000000000}4390-root 534500x800000000000000029885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.019{ec2a2542-2986-6254-b063-4c1041560000}4391/bin/tarroot 534500x800000000000000029886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.020{ec2a2542-2986-6254-408a-87e60f560000}4388/usr/bin/dpkg-debroot 154100x800000000000000029887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.042{ec2a2542-2986-6254-401a-522023560000}4392/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/076-libthai0_0.1.27-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.045{ec2a2542-2986-6254-0000-000000000000}4393-root 534500x800000000000000029890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.047{ec2a2542-2986-6254-401a-522023560000}4392/usr/bin/dpkg-debroot 534500x800000000000000029889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.047{ec2a2542-2986-6254-0000-000000000000}4394-root 154100x800000000000000029891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.065{ec2a2542-2986-6254-7073-b1e1df550000}4395/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.067{ec2a2542-2986-6254-d8ff-2034c7550000}4396/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/077-libpango-1.0-0_1.40.14-1ubuntu0.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.067{ec2a2542-2986-6254-7073-b1e1df550000}4395/bin/rmroot 23542300x800000000000000029892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.067{ec2a2542-2986-6254-7073-b1e1df550000}4395root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000029895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.069{ec2a2542-2986-6254-d8ff-2034c7550000}4396/usr/bin/dpkg-splitroot 154100x800000000000000029896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.070{ec2a2542-2986-6254-404a-517392550000}4397/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/077-libpango-1.0-0_1.40.14-1ubuntu0.1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.072{ec2a2542-2986-6254-b043-89abd3550000}4400/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2986-6254-404a-517392550000}4397/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.072{ec2a2542-2986-6254-0000-000000000000}4398-root 534500x800000000000000029899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.074{ec2a2542-2986-6254-0000-000000000000}4399-root 534500x800000000000000029901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.075{ec2a2542-2986-6254-404a-517392550000}4397/usr/bin/dpkg-debroot 534500x800000000000000029900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.075{ec2a2542-2986-6254-b043-89abd3550000}4400/bin/tarroot 154100x800000000000000029902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.096{ec2a2542-2986-6254-40ca-c0f48b550000}4401/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/077-libpango-1.0-0_1.40.14-1ubuntu0.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.108{ec2a2542-2986-6254-0000-000000000000}4402-root 534500x800000000000000029905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.117{ec2a2542-2986-6254-40ca-c0f48b550000}4401/usr/bin/dpkg-debroot 534500x800000000000000029904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.117{00000000-0000-0000-0000-000000000000}4403<unknown process>root 154100x800000000000000029906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.151{ec2a2542-2986-6254-7073-2dfe9f550000}4404/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000029907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.152{ec2a2542-2986-6254-7073-2dfe9f550000}4404root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.153{ec2a2542-2986-6254-d85f-d64cbf550000}4405/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/078-libgraphite2-3_1.3.11-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.153{ec2a2542-2986-6254-7073-2dfe9f550000}4404/bin/rmroot 534500x800000000000000029910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.154{ec2a2542-2986-6254-d85f-d64cbf550000}4405/usr/bin/dpkg-splitroot 154100x800000000000000029911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.155{ec2a2542-2986-6254-403a-8ad0f3550000}4406/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/078-libgraphite2-3_1.3.11-2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.157{ec2a2542-2986-6254-b083-d96c43560000}4409/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2986-6254-403a-8ad0f3550000}4406/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.157{ec2a2542-2986-6254-0000-000000000000}4407-root 534500x800000000000000029914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.158{ec2a2542-2986-6254-0000-000000000000}4408-root 534500x800000000000000029916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.159{ec2a2542-2986-6254-403a-8ad0f3550000}4406/usr/bin/dpkg-debroot 534500x800000000000000029915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.159{ec2a2542-2986-6254-b083-d96c43560000}4409/bin/tarroot 154100x800000000000000029917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.178{ec2a2542-2986-6254-404a-610f88550000}4410/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/078-libgraphite2-3_1.3.11-2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.182{ec2a2542-2986-6254-0000-000000000000}4411-root 534500x800000000000000029920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.188{ec2a2542-2986-6254-404a-610f88550000}4410/usr/bin/dpkg-debroot 534500x800000000000000029919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.188{00000000-0000-0000-0000-000000000000}4412<unknown process>root 154100x800000000000000029921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.205{ec2a2542-2986-6254-7013-8fdf11560000}4413/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.206{ec2a2542-2986-6254-7013-8fdf11560000}4413/bin/rmroot 23542300x800000000000000029922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.206{ec2a2542-2986-6254-7013-8fdf11560000}4413root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.207{ec2a2542-2986-6254-d8af-49206b550000}4414/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/079-libharfbuzz0b_1.7.2-1ubuntu1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.208{ec2a2542-2986-6254-40da-8a5ff4550000}4415/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/079-libharfbuzz0b_1.7.2-1ubuntu1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.208{ec2a2542-2986-6254-d8af-49206b550000}4414/usr/bin/dpkg-splitroot 154100x800000000000000029928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.210{ec2a2542-2986-6254-b0a3-1a4f78550000}4418/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2986-6254-40da-8a5ff4550000}4415/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.211{ec2a2542-2986-6254-0000-000000000000}4416-root 534500x800000000000000029929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.212{ec2a2542-2986-6254-0000-000000000000}4417-root 534500x800000000000000029931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.213{ec2a2542-2986-6254-40da-8a5ff4550000}4415/usr/bin/dpkg-debroot 534500x800000000000000029930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.213{ec2a2542-2986-6254-b0a3-1a4f78550000}4418/bin/tarroot 154100x800000000000000029932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.234{ec2a2542-2986-6254-409a-2210b2550000}4419/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/079-libharfbuzz0b_1.7.2-1ubuntu1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.251{ec2a2542-2986-6254-0000-000000000000}4420-root 534500x800000000000000029934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.259{00000000-0000-0000-0000-000000000000}4421<unknown process>root 534500x800000000000000029935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.260{ec2a2542-2986-6254-409a-2210b2550000}4419/usr/bin/dpkg-debroot 154100x800000000000000029936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.277{ec2a2542-2986-6254-70c3-874150560000}4422/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.279{ec2a2542-2986-6254-d8ff-578df2550000}4423/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/080-libpangoft2-1.0-0_1.40.14-1ubuntu0.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.279{ec2a2542-2986-6254-70c3-874150560000}4422/bin/rmroot 23542300x800000000000000029937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.279{ec2a2542-2986-6254-70c3-874150560000}4422root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000029940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.280{ec2a2542-2986-6254-d8ff-578df2550000}4423/usr/bin/dpkg-splitroot 154100x800000000000000029941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.281{ec2a2542-2986-6254-403a-d6c116560000}4424/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/080-libpangoft2-1.0-0_1.40.14-1ubuntu0.1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.283{ec2a2542-2986-6254-b023-c1b103560000}4427/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2986-6254-403a-d6c116560000}4424/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.283{ec2a2542-2986-6254-0000-000000000000}4425-root 534500x800000000000000029944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.284{ec2a2542-2986-6254-0000-000000000000}4426-root 534500x800000000000000029946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.286{ec2a2542-2986-6254-403a-d6c116560000}4424/usr/bin/dpkg-debroot 534500x800000000000000029945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.286{ec2a2542-2986-6254-b023-c1b103560000}4427/bin/tarroot 154100x800000000000000029947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.308{ec2a2542-2986-6254-409a-f4d578550000}4428/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/080-libpangoft2-1.0-0_1.40.14-1ubuntu0.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.310{ec2a2542-2986-6254-0000-000000000000}4429-root 534500x800000000000000029950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.314{ec2a2542-2986-6254-409a-f4d578550000}4428/usr/bin/dpkg-debroot 534500x800000000000000029949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.314{ec2a2542-2986-6254-0000-000000000000}4430-root 154100x800000000000000029951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.331{ec2a2542-2986-6254-70f3-598ef2550000}4431/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.332{ec2a2542-2986-6254-70f3-598ef2550000}4431/bin/rmroot 23542300x800000000000000029952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.332{ec2a2542-2986-6254-70f3-598ef2550000}4431root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000029954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.333{ec2a2542-2986-6254-d8ef-444a66550000}4432/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/081-libpangocairo-1.0-0_1.40.14-1ubuntu0.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000029956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.334{ec2a2542-2986-6254-404a-0b2140560000}4433/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/081-libpangocairo-1.0-0_1.40.14-1ubuntu0.1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000029955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.334{ec2a2542-2986-6254-d8ef-444a66550000}4432/usr/bin/dpkg-splitroot 154100x800000000000000029958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.336{ec2a2542-2986-6254-b0d3-556951560000}4436/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2986-6254-404a-0b2140560000}4433/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000029957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.336{ec2a2542-2986-6254-0000-000000000000}4434-root 534500x800000000000000029959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.337{ec2a2542-2986-6254-0000-000000000000}4435-root 534500x800000000000000029960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.338{ec2a2542-2986-6254-b0d3-556951560000}4436/bin/tarroot 534500x800000000000000029961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.339{ec2a2542-2986-6254-404a-0b2140560000}4433/usr/bin/dpkg-debroot 23542300x800000000000000029962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.368{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/status-old--- 23542300x800000000000000029980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0017--- 23542300x800000000000000029979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0016--- 23542300x800000000000000029978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0015--- 23542300x800000000000000029977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0014--- 23542300x800000000000000029976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0013--- 23542300x800000000000000029975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0012--- 23542300x800000000000000029974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0011--- 23542300x800000000000000029973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0010--- 23542300x800000000000000029972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0009--- 23542300x800000000000000029971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0008--- 23542300x800000000000000029970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0007--- 23542300x800000000000000029969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0006--- 23542300x800000000000000029968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0005--- 23542300x800000000000000029967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0004--- 23542300x800000000000000029966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0003--- 23542300x800000000000000029965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0002--- 23542300x800000000000000029964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0001--- 23542300x800000000000000029963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.370{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0000--- 23542300x800000000000000030032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0069--- 23542300x800000000000000030031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0068--- 23542300x800000000000000030030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0067--- 23542300x800000000000000030029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0066--- 23542300x800000000000000030028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0065--- 23542300x800000000000000030027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0064--- 23542300x800000000000000030026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0063--- 23542300x800000000000000030025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0062--- 23542300x800000000000000030024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0061--- 23542300x800000000000000030023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0060--- 23542300x800000000000000030022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0059--- 23542300x800000000000000030021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0058--- 23542300x800000000000000030020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0057--- 23542300x800000000000000030019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0056--- 23542300x800000000000000030018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0055--- 23542300x800000000000000030017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0054--- 23542300x800000000000000030016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0053--- 23542300x800000000000000030015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0052--- 23542300x800000000000000030014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0051--- 23542300x800000000000000030013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0050--- 23542300x800000000000000030012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0049--- 23542300x800000000000000030011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0048--- 23542300x800000000000000030010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0047--- 23542300x800000000000000030009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0046--- 23542300x800000000000000030008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0045--- 23542300x800000000000000030007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0044--- 23542300x800000000000000030006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0043--- 23542300x800000000000000030005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0042--- 23542300x800000000000000030004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0041--- 23542300x800000000000000030003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0040--- 23542300x800000000000000030002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0039--- 23542300x800000000000000030001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0038--- 23542300x800000000000000030000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0037--- 23542300x800000000000000029999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0036--- 23542300x800000000000000029998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0035--- 23542300x800000000000000029997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0034--- 23542300x800000000000000029996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0033--- 23542300x800000000000000029995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0032--- 23542300x800000000000000029994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0031--- 23542300x800000000000000029993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0030--- 23542300x800000000000000029992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0029--- 23542300x800000000000000029991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0028--- 23542300x800000000000000029990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0027--- 23542300x800000000000000029989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0026--- 23542300x800000000000000029988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0025--- 23542300x800000000000000029987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0024--- 23542300x800000000000000029986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0023--- 23542300x800000000000000029985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0022--- 23542300x800000000000000029984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0021--- 23542300x800000000000000029983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0020--- 23542300x800000000000000029982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0019--- 23542300x800000000000000029981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.371{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0018--- 23542300x800000000000000030088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0125--- 23542300x800000000000000030087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0124--- 23542300x800000000000000030086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0123--- 23542300x800000000000000030085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0122--- 23542300x800000000000000030084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0121--- 23542300x800000000000000030083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0120--- 23542300x800000000000000030082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0119--- 23542300x800000000000000030081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0118--- 23542300x800000000000000030080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0117--- 23542300x800000000000000030079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0116--- 23542300x800000000000000030078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0115--- 23542300x800000000000000030077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0114--- 23542300x800000000000000030076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0113--- 23542300x800000000000000030075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0112--- 23542300x800000000000000030074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0111--- 23542300x800000000000000030073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0110--- 23542300x800000000000000030072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0109--- 23542300x800000000000000030071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0108--- 23542300x800000000000000030070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0107--- 23542300x800000000000000030069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0106--- 23542300x800000000000000030068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0105--- 23542300x800000000000000030067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0104--- 23542300x800000000000000030066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0103--- 23542300x800000000000000030065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0102--- 23542300x800000000000000030064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0101--- 23542300x800000000000000030063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0100--- 23542300x800000000000000030062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0099--- 23542300x800000000000000030061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0098--- 23542300x800000000000000030060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0097--- 23542300x800000000000000030059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0096--- 23542300x800000000000000030058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0095--- 23542300x800000000000000030057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0094--- 23542300x800000000000000030056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0093--- 23542300x800000000000000030055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0092--- 23542300x800000000000000030054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0091--- 23542300x800000000000000030053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0090--- 23542300x800000000000000030052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0089--- 23542300x800000000000000030051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0088--- 23542300x800000000000000030050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0087--- 23542300x800000000000000030049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0086--- 23542300x800000000000000030048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0085--- 23542300x800000000000000030047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0084--- 23542300x800000000000000030046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0083--- 23542300x800000000000000030045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0082--- 23542300x800000000000000030044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0081--- 23542300x800000000000000030043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0080--- 23542300x800000000000000030042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0079--- 23542300x800000000000000030041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0078--- 23542300x800000000000000030040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0077--- 23542300x800000000000000030039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0076--- 23542300x800000000000000030038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0075--- 23542300x800000000000000030037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0074--- 23542300x800000000000000030036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0073--- 23542300x800000000000000030035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0072--- 23542300x800000000000000030034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0071--- 23542300x800000000000000030033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.372{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0070--- 23542300x800000000000000030142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0179--- 23542300x800000000000000030141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0178--- 23542300x800000000000000030140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0177--- 23542300x800000000000000030139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0176--- 23542300x800000000000000030138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0175--- 23542300x800000000000000030137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0174--- 23542300x800000000000000030136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0173--- 23542300x800000000000000030135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0172--- 23542300x800000000000000030134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0171--- 23542300x800000000000000030133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0170--- 23542300x800000000000000030132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0169--- 23542300x800000000000000030131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0168--- 23542300x800000000000000030130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0167--- 23542300x800000000000000030129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0166--- 23542300x800000000000000030128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0165--- 23542300x800000000000000030127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0164--- 23542300x800000000000000030126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0163--- 23542300x800000000000000030125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0162--- 23542300x800000000000000030124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0161--- 23542300x800000000000000030123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0160--- 23542300x800000000000000030122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0159--- 23542300x800000000000000030121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0158--- 23542300x800000000000000030120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0157--- 23542300x800000000000000030119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0156--- 23542300x800000000000000030118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0155--- 23542300x800000000000000030117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0154--- 23542300x800000000000000030116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0153--- 23542300x800000000000000030115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0152--- 23542300x800000000000000030114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0151--- 23542300x800000000000000030113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0150--- 23542300x800000000000000030112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0149--- 23542300x800000000000000030111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0148--- 23542300x800000000000000030110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0147--- 23542300x800000000000000030109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0146--- 23542300x800000000000000030108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0145--- 23542300x800000000000000030107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0144--- 23542300x800000000000000030106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0143--- 23542300x800000000000000030105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0142--- 23542300x800000000000000030104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0141--- 23542300x800000000000000030103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0140--- 23542300x800000000000000030102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0139--- 23542300x800000000000000030101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0138--- 23542300x800000000000000030100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0137--- 23542300x800000000000000030099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0136--- 23542300x800000000000000030098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0135--- 23542300x800000000000000030097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0134--- 23542300x800000000000000030096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0133--- 23542300x800000000000000030095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0132--- 23542300x800000000000000030094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0131--- 23542300x800000000000000030093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0130--- 23542300x800000000000000030092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0129--- 23542300x800000000000000030091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0128--- 23542300x800000000000000030090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0127--- 23542300x800000000000000030089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.373{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0126--- 23542300x800000000000000030197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0234--- 23542300x800000000000000030196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0233--- 23542300x800000000000000030195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0232--- 23542300x800000000000000030194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0231--- 23542300x800000000000000030193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0230--- 23542300x800000000000000030192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0229--- 23542300x800000000000000030191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0228--- 23542300x800000000000000030190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0227--- 23542300x800000000000000030189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0226--- 23542300x800000000000000030188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0225--- 23542300x800000000000000030187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0224--- 23542300x800000000000000030186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0223--- 23542300x800000000000000030185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0222--- 23542300x800000000000000030184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0221--- 23542300x800000000000000030183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0220--- 23542300x800000000000000030182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0219--- 23542300x800000000000000030181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0218--- 23542300x800000000000000030180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0217--- 23542300x800000000000000030179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0216--- 23542300x800000000000000030178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0215--- 23542300x800000000000000030177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0214--- 23542300x800000000000000030176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0213--- 23542300x800000000000000030175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0212--- 23542300x800000000000000030174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0211--- 23542300x800000000000000030173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0210--- 23542300x800000000000000030172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0209--- 23542300x800000000000000030171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0208--- 23542300x800000000000000030170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0207--- 23542300x800000000000000030169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0206--- 23542300x800000000000000030168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0205--- 23542300x800000000000000030167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0204--- 23542300x800000000000000030166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0203--- 23542300x800000000000000030165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0202--- 23542300x800000000000000030164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0201--- 23542300x800000000000000030163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0200--- 23542300x800000000000000030162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0199--- 23542300x800000000000000030161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0198--- 23542300x800000000000000030160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0197--- 23542300x800000000000000030159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0196--- 23542300x800000000000000030158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0195--- 23542300x800000000000000030157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0194--- 23542300x800000000000000030156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0193--- 23542300x800000000000000030155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0192--- 23542300x800000000000000030154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0191--- 23542300x800000000000000030153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0190--- 23542300x800000000000000030152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0189--- 23542300x800000000000000030151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0188--- 23542300x800000000000000030150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0187--- 23542300x800000000000000030149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0186--- 23542300x800000000000000030148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0185--- 23542300x800000000000000030147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0184--- 23542300x800000000000000030146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0183--- 23542300x800000000000000030145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0182--- 23542300x800000000000000030144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0181--- 23542300x800000000000000030143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.374{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0180--- 23542300x800000000000000030213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.375{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0250--- 23542300x800000000000000030212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.375{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0249--- 23542300x800000000000000030211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.375{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0248--- 23542300x800000000000000030210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.375{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0247--- 23542300x800000000000000030209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.375{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0246--- 23542300x800000000000000030208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.375{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0245--- 23542300x800000000000000030207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.375{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0244--- 23542300x800000000000000030206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.375{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0243--- 23542300x800000000000000030205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.375{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0242--- 23542300x800000000000000030204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.375{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0241--- 23542300x800000000000000030203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.375{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0240--- 23542300x800000000000000030202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.375{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0239--- 23542300x800000000000000030201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.375{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0238--- 23542300x800000000000000030200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.375{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0237--- 23542300x800000000000000030199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.375{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0236--- 23542300x800000000000000030198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.375{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0235--- 154100x800000000000000030214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.378{ec2a2542-2986-6254-408a-b1cae8550000}4437/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/081-libpangocairo-1.0-0_1.40.14-1ubuntu0.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.380{ec2a2542-2986-6254-0000-000000000000}4438-root 534500x800000000000000030217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.388{ec2a2542-2986-6254-408a-b1cae8550000}4437/usr/bin/dpkg-debroot 534500x800000000000000030216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.388{ec2a2542-2986-6254-0000-000000000000}4439-root 154100x800000000000000030218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.406{ec2a2542-2986-6254-70f3-c53cb0550000}4440/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.407{ec2a2542-2986-6254-70f3-c53cb0550000}4440/bin/rmroot 23542300x800000000000000030219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.407{ec2a2542-2986-6254-70f3-c53cb0550000}4440root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.408{ec2a2542-2986-6254-d8cf-56e2ee550000}4441/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/082-libxv1_2%3a1.0.11-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.409{ec2a2542-2986-6254-407a-969857550000}4442/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/082-libxv1_2%3a1.0.11-1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.409{ec2a2542-2986-6254-d8cf-56e2ee550000}4441/usr/bin/dpkg-splitroot 534500x800000000000000030226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.412{ec2a2542-2986-6254-0000-000000000000}4444-root 154100x800000000000000030225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.412{ec2a2542-2986-6254-b033-baf40c560000}4445/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2986-6254-407a-969857550000}4442/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.412{ec2a2542-2986-6254-0000-000000000000}4443-root 534500x800000000000000030228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.414{ec2a2542-2986-6254-407a-969857550000}4442/usr/bin/dpkg-debroot 534500x800000000000000030227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.414{ec2a2542-2986-6254-b033-baf40c560000}4445/bin/tarroot 154100x800000000000000030229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.438{ec2a2542-2986-6254-407a-712c82550000}4446/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/082-libxv1_2%3a1.0.11-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.440{ec2a2542-2986-6254-0000-000000000000}4447-root 534500x800000000000000030231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.442{00000000-0000-0000-0000-000000000000}4448<unknown process>root 534500x800000000000000030232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.443{ec2a2542-2986-6254-407a-712c82550000}4446/usr/bin/dpkg-debroot 154100x800000000000000030233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.465{ec2a2542-2986-6254-7083-e52975550000}4449/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.466{ec2a2542-2986-6254-7083-e52975550000}4449/bin/rmroot 23542300x800000000000000030234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.466{ec2a2542-2986-6254-7083-e52975550000}4449root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.467{ec2a2542-2986-6254-d8ff-f731ed550000}4450/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/083-gstreamer1.0-x_1.14.5-0ubuntu1~18.04.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.468{ec2a2542-2986-6254-40ea-cf6adc550000}4451/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/083-gstreamer1.0-x_1.14.5-0ubuntu1~18.04.3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.468{ec2a2542-2986-6254-d8ff-f731ed550000}4450/usr/bin/dpkg-splitroot 154100x800000000000000030240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.470{ec2a2542-2986-6254-b093-7387c6550000}4454/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2986-6254-40ea-cf6adc550000}4451/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.471{ec2a2542-2986-6254-0000-000000000000}4452-root 534500x800000000000000030242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.472{ec2a2542-2986-6254-b093-7387c6550000}4454/bin/tarroot 534500x800000000000000030241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.472{ec2a2542-2986-6254-0000-000000000000}4453-root 534500x800000000000000030243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.473{ec2a2542-2986-6254-40ea-cf6adc550000}4451/usr/bin/dpkg-debroot 154100x800000000000000030244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.489{ec2a2542-2986-6254-406a-28ae35560000}4455/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/083-gstreamer1.0-x_1.14.5-0ubuntu1~18.04.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.493{ec2a2542-2986-6254-0000-000000000000}4456-root 534500x800000000000000030246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.501{00000000-0000-0000-0000-000000000000}4457<unknown process>root 534500x800000000000000030247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.502{ec2a2542-2986-6254-406a-28ae35560000}4455/usr/bin/dpkg-debroot 154100x800000000000000030248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.543{ec2a2542-2986-6254-70a3-9b80ab550000}4458/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.545{ec2a2542-2986-6254-d80f-74cbaf550000}4459/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/084-ibverbs-providers_17.1-1ubuntu0.2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.545{ec2a2542-2986-6254-70a3-9b80ab550000}4458/bin/rmroot 23542300x800000000000000030249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.545{ec2a2542-2986-6254-70a3-9b80ab550000}4458root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000030252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.546{ec2a2542-2986-6254-d80f-74cbaf550000}4459/usr/bin/dpkg-splitroot 154100x800000000000000030253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.547{ec2a2542-2986-6254-408a-9c3ec7550000}4460/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/084-ibverbs-providers_17.1-1ubuntu0.2_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.549{ec2a2542-2986-6254-b0d3-c7b513560000}4463/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2986-6254-408a-9c3ec7550000}4460/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.549{ec2a2542-2986-6254-0000-000000000000}4461-root 534500x800000000000000030256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.550{ec2a2542-2986-6254-0000-000000000000}4462-root 534500x800000000000000030258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.551{ec2a2542-2986-6254-408a-9c3ec7550000}4460/usr/bin/dpkg-debroot 534500x800000000000000030257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.551{ec2a2542-2986-6254-b0d3-c7b513560000}4463/bin/tarroot 154100x800000000000000030259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.573{ec2a2542-2986-6254-401a-f3240b560000}4464/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/084-ibverbs-providers_17.1-1ubuntu0.2_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.589{ec2a2542-2986-6254-0000-000000000000}4465-root 534500x800000000000000030262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.596{ec2a2542-2986-6254-401a-f3240b560000}4464/usr/bin/dpkg-debroot 534500x800000000000000030261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.596{00000000-0000-0000-0000-000000000000}4466<unknown process>root 154100x800000000000000030263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.618{ec2a2542-2986-6254-70f3-c5454e560000}4467/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000030264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.619{ec2a2542-2986-6254-70f3-c5454e560000}4467root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.620{ec2a2542-2986-6254-d8ef-1f2119560000}4468/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/085-ipxe-qemu_1.0.0+git-20180124.fbe8c52d-0ubuntu2.2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.620{ec2a2542-2986-6254-70f3-c5454e560000}4467/bin/rmroot 154100x800000000000000030268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.621{ec2a2542-2986-6254-40da-c02966550000}4469/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/085-ipxe-qemu_1.0.0+git-20180124.fbe8c52d-0ubuntu2.2_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.621{ec2a2542-2986-6254-d8ef-1f2119560000}4468/usr/bin/dpkg-splitroot 154100x800000000000000030270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.623{ec2a2542-2986-6254-b023-fa5dd5550000}4472/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2986-6254-40da-c02966550000}4469/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.623{ec2a2542-2986-6254-0000-000000000000}4470-root 534500x800000000000000030271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.628{ec2a2542-2986-6254-0000-000000000000}4471-root 534500x800000000000000030273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.629{ec2a2542-2986-6254-40da-c02966550000}4469/usr/bin/dpkg-debroot 534500x800000000000000030272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.629{ec2a2542-2986-6254-b023-fa5dd5550000}4472/bin/tarroot 154100x800000000000000030274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.648{ec2a2542-2986-6254-406a-f0f011560000}4473/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/085-ipxe-qemu_1.0.0+git-20180124.fbe8c52d-0ubuntu2.2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.739{ec2a2542-2986-6254-0000-000000000000}4474-root 534500x800000000000000030277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.751{ec2a2542-2986-6254-406a-f0f011560000}4473/usr/bin/dpkg-debroot 534500x800000000000000030276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.751{00000000-0000-0000-0000-000000000000}4475<unknown process>root 154100x800000000000000030278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.801{ec2a2542-2986-6254-70e3-1dc7a8550000}4476/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.802{ec2a2542-2986-6254-70e3-1dc7a8550000}4476/bin/rmroot 23542300x800000000000000030279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.802{ec2a2542-2986-6254-70e3-1dc7a8550000}4476root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.803{ec2a2542-2986-6254-d88f-21d0cd550000}4477/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/086-ipxe-qemu-256k-compat-efi-roms_1.0.0+git-20150424.a25a16d-0ubuntu2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.804{ec2a2542-2986-6254-405a-ffe69a550000}4478/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/086-ipxe-qemu-256k-compat-efi-roms_1.0.0+git-20150424.a25a16d-0ubuntu2_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.804{ec2a2542-2986-6254-d88f-21d0cd550000}4477/usr/bin/dpkg-splitroot 154100x800000000000000030285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.806{ec2a2542-2986-6254-b063-4c7366550000}4481/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2986-6254-405a-ffe69a550000}4478/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.806{ec2a2542-2986-6254-0000-000000000000}4479-root 534500x800000000000000030286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.807{ec2a2542-2986-6254-0000-000000000000}4480-root 534500x800000000000000030288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.809{ec2a2542-2986-6254-405a-ffe69a550000}4478/usr/bin/dpkg-debroot 534500x800000000000000030287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.809{ec2a2542-2986-6254-b063-4c7366550000}4481/bin/tarroot 154100x800000000000000030289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.824{ec2a2542-2986-6254-40ea-258703560000}4482/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/086-ipxe-qemu-256k-compat-efi-roms_1.0.0+git-20150424.a25a16d-0ubuntu2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.868{ec2a2542-2986-6254-0000-000000000000}4483-root 534500x800000000000000030291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.875{00000000-0000-0000-0000-000000000000}4484<unknown process>root 534500x800000000000000030292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.877{ec2a2542-2986-6254-40ea-258703560000}4482/usr/bin/dpkg-debroot 154100x800000000000000030293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.904{ec2a2542-2986-6254-7033-19e237560000}4485/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.906{ec2a2542-2986-6254-d89f-7696cd550000}4486/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/087-libaio1_0.3.110-5ubuntu0.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.906{ec2a2542-2986-6254-7033-19e237560000}4485/bin/rmroot 23542300x800000000000000030294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.906{ec2a2542-2986-6254-7033-19e237560000}4485root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.908{ec2a2542-2986-6254-406a-40a11b560000}4487/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/087-libaio1_0.3.110-5ubuntu0.1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.908{ec2a2542-2986-6254-d89f-7696cd550000}4486/usr/bin/dpkg-splitroot 154100x800000000000000030300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.910{ec2a2542-2986-6254-b033-40d710560000}4490/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2986-6254-406a-40a11b560000}4487/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.910{ec2a2542-2986-6254-0000-000000000000}4488-root 534500x800000000000000030301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.911{ec2a2542-2986-6254-0000-000000000000}4489-root 534500x800000000000000030303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.912{ec2a2542-2986-6254-406a-40a11b560000}4487/usr/bin/dpkg-debroot 534500x800000000000000030302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.912{ec2a2542-2986-6254-b033-40d710560000}4490/bin/tarroot 154100x800000000000000030304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.935{ec2a2542-2986-6254-40fa-42d313560000}4491/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/087-libaio1_0.3.110-5ubuntu0.1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.937{ec2a2542-2986-6254-0000-000000000000}4492-root 534500x800000000000000030306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.940{00000000-0000-0000-0000-000000000000}4493<unknown process>root 534500x800000000000000030307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.941{ec2a2542-2986-6254-40fa-42d313560000}4491/usr/bin/dpkg-debroot 154100x800000000000000030308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.960{ec2a2542-2986-6254-7083-a16aa7550000}4494/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.962{ec2a2542-2986-6254-d88f-d504ce550000}4495/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/088-libasound2-data_1.1.3-5ubuntu0.6_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.962{ec2a2542-2986-6254-7083-a16aa7550000}4494/bin/rmroot 23542300x800000000000000030309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.962{ec2a2542-2986-6254-7083-a16aa7550000}4494root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.963{ec2a2542-2986-6254-409a-cf06f1550000}4496/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/088-libasound2-data_1.1.3-5ubuntu0.6_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.963{ec2a2542-2986-6254-d88f-d504ce550000}4495/usr/bin/dpkg-splitroot 154100x800000000000000030315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.965{ec2a2542-2986-6254-b013-0b7a35560000}4499/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2986-6254-409a-cf06f1550000}4496/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.965{ec2a2542-2986-6254-0000-000000000000}4497-root 534500x800000000000000030316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.966{ec2a2542-2986-6254-0000-000000000000}4498-root 534500x800000000000000030318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.968{ec2a2542-2986-6254-409a-cf06f1550000}4496/usr/bin/dpkg-debroot 534500x800000000000000030317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.968{ec2a2542-2986-6254-b013-0b7a35560000}4499/bin/tarroot 154100x800000000000000030319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.985{ec2a2542-2986-6254-404a-79926c550000}4500/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/088-libasound2-data_1.1.3-5ubuntu0.6_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:42.987{ec2a2542-2986-6254-0000-000000000000}4501-root 534500x800000000000000030322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.039{ec2a2542-2986-6254-404a-79926c550000}4500/usr/bin/dpkg-debroot 534500x800000000000000030321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.039{00000000-0000-0000-0000-000000000000}4502<unknown process>root 154100x800000000000000030323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.068{ec2a2542-2987-6254-7003-c67c9f550000}4503/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.069{ec2a2542-2987-6254-7003-c67c9f550000}4503/bin/rmroot 23542300x800000000000000030324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.069{ec2a2542-2987-6254-7003-c67c9f550000}4503root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.070{ec2a2542-2987-6254-d82f-0a9825560000}4504/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/089-libasound2_1.1.3-5ubuntu0.6_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.071{ec2a2542-2987-6254-d82f-0a9825560000}4504/usr/bin/dpkg-splitroot 154100x800000000000000030328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.072{ec2a2542-2987-6254-40aa-291bfd550000}4505/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/089-libasound2_1.1.3-5ubuntu0.6_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.073{ec2a2542-2987-6254-b033-3aa07e550000}4508/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2987-6254-40aa-291bfd550000}4505/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.074{ec2a2542-2987-6254-0000-000000000000}4506-root 534500x800000000000000030333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.076{ec2a2542-2987-6254-40aa-291bfd550000}4505/usr/bin/dpkg-debroot 534500x800000000000000030332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.076{ec2a2542-2987-6254-b033-3aa07e550000}4508/bin/tarroot 534500x800000000000000030331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.076{ec2a2542-2987-6254-0000-000000000000}4507-root 154100x800000000000000030334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.106{ec2a2542-2987-6254-408a-99efee550000}4509/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/089-libasound2_1.1.3-5ubuntu0.6_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.136{ec2a2542-2987-6254-0000-000000000000}4510-root 534500x800000000000000030337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.145{ec2a2542-2987-6254-408a-99efee550000}4509/usr/bin/dpkg-debroot 534500x800000000000000030336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.145{ec2a2542-2987-6254-0000-000000000000}4511-root 154100x800000000000000030338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.226{ec2a2542-2987-6254-70f3-a2251f560000}4512/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.227{ec2a2542-2987-6254-d8af-59d0ab550000}4513/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/090-libasyncns0_0.8-6_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.227{ec2a2542-2987-6254-70f3-a2251f560000}4512/bin/rmroot 23542300x800000000000000030339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.227{ec2a2542-2987-6254-70f3-a2251f560000}4512root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.229{ec2a2542-2987-6254-405a-2234e9550000}4514/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/090-libasyncns0_0.8-6_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.229{ec2a2542-2987-6254-d8af-59d0ab550000}4513/usr/bin/dpkg-splitroot 154100x800000000000000030345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.231{ec2a2542-2987-6254-b063-ff941c560000}4517/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2987-6254-405a-2234e9550000}4514/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.231{ec2a2542-2987-6254-0000-000000000000}4515-root 534500x800000000000000030346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.232{ec2a2542-2987-6254-0000-000000000000}4516-root 534500x800000000000000030347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.234{ec2a2542-2987-6254-b063-ff941c560000}4517/bin/tarroot 534500x800000000000000030348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.235{ec2a2542-2987-6254-405a-2234e9550000}4514/usr/bin/dpkg-debroot 154100x800000000000000030349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.255{ec2a2542-2987-6254-406a-9d9490550000}4518/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/090-libasyncns0_0.8-6_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.257{ec2a2542-2987-6254-0000-000000000000}4519-root 534500x800000000000000030352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.260{ec2a2542-2987-6254-406a-9d9490550000}4518/usr/bin/dpkg-debroot 534500x800000000000000030351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.260{ec2a2542-2987-6254-0000-000000000000}4520-root 154100x800000000000000030353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.282{ec2a2542-2987-6254-70d3-f71349560000}4521/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.283{ec2a2542-2987-6254-d84f-a57a6e550000}4522/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/091-libbluetooth3_5.48-0ubuntu3.8_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.283{ec2a2542-2987-6254-70d3-f71349560000}4521/bin/rmroot 23542300x800000000000000030354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.283{ec2a2542-2987-6254-70d3-f71349560000}4521root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000030357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.285{ec2a2542-2987-6254-d84f-a57a6e550000}4522/usr/bin/dpkg-splitroot 154100x800000000000000030358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.286{ec2a2542-2987-6254-407a-5aa2e9550000}4523/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/091-libbluetooth3_5.48-0ubuntu3.8_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.290{ec2a2542-2987-6254-b0d3-2d8655550000}4526/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2987-6254-407a-5aa2e9550000}4523/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.290{ec2a2542-2987-6254-0000-000000000000}4524-root 534500x800000000000000030361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.291{ec2a2542-2987-6254-0000-000000000000}4525-root 534500x800000000000000030363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.293{ec2a2542-2987-6254-407a-5aa2e9550000}4523/usr/bin/dpkg-debroot 534500x800000000000000030362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.293{ec2a2542-2987-6254-b0d3-2d8655550000}4526/bin/tarroot 154100x800000000000000030364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.319{ec2a2542-2987-6254-409a-7decff550000}4527/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/091-libbluetooth3_5.48-0ubuntu3.8_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.321{ec2a2542-2987-6254-0000-000000000000}4528-root 534500x800000000000000030367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.328{ec2a2542-2987-6254-409a-7decff550000}4527/usr/bin/dpkg-debroot 534500x800000000000000030366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.328{00000000-0000-0000-0000-000000000000}4529<unknown process>root 154100x800000000000000030368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.350{ec2a2542-2987-6254-7083-42718c550000}4530/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.352{ec2a2542-2987-6254-d80f-464b79550000}4531/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/092-libcacard0_1%3a2.5.0-3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.352{ec2a2542-2987-6254-7083-42718c550000}4530/bin/rmroot 23542300x800000000000000030369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.352{ec2a2542-2987-6254-7083-42718c550000}4530root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.354{ec2a2542-2987-6254-407a-3181d4550000}4532/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/092-libcacard0_1%3a2.5.0-3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.354{ec2a2542-2987-6254-d80f-464b79550000}4531/usr/bin/dpkg-splitroot 534500x800000000000000030376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.356{ec2a2542-2987-6254-0000-000000000000}4534-root 154100x800000000000000030375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.356{ec2a2542-2987-6254-b0b3-077414560000}4535/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2987-6254-407a-3181d4550000}4532/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:43.356{ec2a2542-2987-6254-0000-000000000000}4533-root 534500x800000000000000030591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.335{ec2a2542-2989-6254-0000-000000000000}4663-root 534500x800000000000000030593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.347{ec2a2542-2989-6254-408a-882942560000}4662/usr/bin/dpkg-debroot 534500x800000000000000030592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.347{00000000-0000-0000-0000-000000000000}4664<unknown process>root 154100x800000000000000030594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.398{ec2a2542-298a-6254-7073-f6e959550000}4665/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.399{ec2a2542-298a-6254-7073-f6e959550000}4665/bin/rmroot 23542300x800000000000000030595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.399{ec2a2542-298a-6254-7073-f6e959550000}4665root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.400{ec2a2542-298a-6254-d87f-8dcc4f560000}4666/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/107-qemu-slof_20170724+dfsg-1ubuntu1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.401{ec2a2542-298a-6254-40fa-dff5e1550000}4667/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/107-qemu-slof_20170724+dfsg-1ubuntu1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.401{ec2a2542-298a-6254-d87f-8dcc4f560000}4666/usr/bin/dpkg-splitroot 154100x800000000000000030601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.403{ec2a2542-298a-6254-b0e3-56b6c4550000}4670/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298a-6254-40fa-dff5e1550000}4667/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.403{ec2a2542-298a-6254-0000-000000000000}4668-root 534500x800000000000000030602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.404{ec2a2542-298a-6254-0000-000000000000}4669-root 534500x800000000000000030603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.405{ec2a2542-298a-6254-b0e3-56b6c4550000}4670/bin/tarroot 534500x800000000000000030604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.406{ec2a2542-298a-6254-40fa-dff5e1550000}4667/usr/bin/dpkg-debroot 154100x800000000000000030605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.420{ec2a2542-298a-6254-40aa-17bd7c550000}4671/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/107-qemu-slof_20170724+dfsg-1ubuntu1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.433{ec2a2542-298a-6254-0000-000000000000}4672-root 534500x800000000000000030608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.442{ec2a2542-298a-6254-40aa-17bd7c550000}4671/usr/bin/dpkg-debroot 534500x800000000000000030607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.442{ec2a2542-298a-6254-0000-000000000000}4673-root 154100x800000000000000030609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.461{ec2a2542-298a-6254-70c3-3a7916560000}4674/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.462{ec2a2542-298a-6254-70c3-3a7916560000}4674/bin/rmroot 23542300x800000000000000030610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.462{ec2a2542-298a-6254-70c3-3a7916560000}4674root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.463{ec2a2542-298a-6254-d80f-350c57550000}4675/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/108-qemu-system-ppc_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.464{ec2a2542-298a-6254-408a-c1b130560000}4676/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/108-qemu-system-ppc_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.464{ec2a2542-298a-6254-d80f-350c57550000}4675/usr/bin/dpkg-splitroot 154100x800000000000000030616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.466{ec2a2542-298a-6254-b083-974cd5550000}4679/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298a-6254-408a-c1b130560000}4676/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.466{ec2a2542-298a-6254-0000-000000000000}4677-root 534500x800000000000000030617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.467{ec2a2542-298a-6254-0000-000000000000}4678-root 534500x800000000000000030619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.469{ec2a2542-298a-6254-408a-c1b130560000}4676/usr/bin/dpkg-debroot 534500x800000000000000030618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.469{ec2a2542-298a-6254-b083-974cd5550000}4679/bin/tarroot 154100x800000000000000030620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:46.484{ec2a2542-298a-6254-400a-867360550000}4680/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/108-qemu-system-ppc_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.292{ec2a2542-298a-6254-0000-000000000000}4681-root 534500x800000000000000030622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.306{ec2a2542-298a-6254-0000-000000000000}4682-root 534500x800000000000000030623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.307{ec2a2542-298a-6254-400a-867360550000}4680/usr/bin/dpkg-debroot 154100x800000000000000030624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.380{ec2a2542-298b-6254-7063-357fdf550000}4683/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.382{ec2a2542-298b-6254-d8ef-2e63b6550000}4684/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/109-qemu-system-sparc_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.382{ec2a2542-298b-6254-7063-357fdf550000}4683/bin/rmroot 23542300x800000000000000030625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.382{ec2a2542-298b-6254-7063-357fdf550000}4683root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.384{ec2a2542-298b-6254-40aa-68c3fd550000}4685/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/109-qemu-system-sparc_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.384{ec2a2542-298b-6254-d8ef-2e63b6550000}4684/usr/bin/dpkg-splitroot 154100x800000000000000030631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.386{ec2a2542-298b-6254-b0d3-74c7a7550000}4688/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298b-6254-40aa-68c3fd550000}4685/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.386{ec2a2542-298b-6254-0000-000000000000}4686-root 534500x800000000000000030632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.387{ec2a2542-298b-6254-0000-000000000000}4687-root 534500x800000000000000030633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.389{ec2a2542-298b-6254-b0d3-74c7a7550000}4688/bin/tarroot 534500x800000000000000030634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.390{ec2a2542-298b-6254-40aa-68c3fd550000}4685/usr/bin/dpkg-debroot 154100x800000000000000030635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.406{ec2a2542-298b-6254-409a-0c6d41560000}4689/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/109-qemu-system-sparc_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.711{ec2a2542-298b-6254-0000-000000000000}4690-root 534500x800000000000000030638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.724{ec2a2542-298b-6254-409a-0c6d41560000}4689/usr/bin/dpkg-debroot 534500x800000000000000030637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.724{ec2a2542-298b-6254-0000-000000000000}4691-root 154100x800000000000000030639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.781{ec2a2542-298b-6254-7023-dcb16d550000}4692/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000030640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.782{ec2a2542-298b-6254-7023-dcb16d550000}4692root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.783{ec2a2542-298b-6254-d83f-22584a560000}4693/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/110-seabios_1.10.2-1ubuntu1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.783{ec2a2542-298b-6254-7023-dcb16d550000}4692/bin/rmroot 154100x800000000000000030644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.784{ec2a2542-298b-6254-405a-a6ae94550000}4694/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/110-seabios_1.10.2-1ubuntu1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.784{ec2a2542-298b-6254-d83f-22584a560000}4693/usr/bin/dpkg-splitroot 154100x800000000000000030647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.786{ec2a2542-298b-6254-b053-dbe2a2550000}4697/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298b-6254-405a-a6ae94550000}4694/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.786{ec2a2542-298b-6254-0000-000000000000}4695-root 534500x800000000000000030646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.787{ec2a2542-298b-6254-0000-000000000000}4696-root 534500x800000000000000030649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.789{ec2a2542-298b-6254-405a-a6ae94550000}4694/usr/bin/dpkg-debroot 534500x800000000000000030648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.789{ec2a2542-298b-6254-b053-dbe2a2550000}4697/bin/tarroot 154100x800000000000000030650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.810{ec2a2542-298b-6254-40ba-4164fa550000}4698/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/110-seabios_1.10.2-1ubuntu1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.823{ec2a2542-298b-6254-0000-000000000000}4699-root 534500x800000000000000030653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.833{ec2a2542-298b-6254-40ba-4164fa550000}4698/usr/bin/dpkg-debroot 534500x800000000000000030652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.833{00000000-0000-0000-0000-000000000000}4700<unknown process>root 154100x800000000000000030654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.852{ec2a2542-298b-6254-7013-bd4e6a550000}4701/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.854{ec2a2542-298b-6254-d8ef-e4b8aa550000}4702/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/111-qemu-system-x86_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.854{ec2a2542-298b-6254-7013-bd4e6a550000}4701/bin/rmroot 23542300x800000000000000030655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.854{ec2a2542-298b-6254-7013-bd4e6a550000}4701root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000030658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.855{ec2a2542-298b-6254-d8ef-e4b8aa550000}4702/usr/bin/dpkg-splitroot 154100x800000000000000030659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.856{ec2a2542-298b-6254-406a-e41428560000}4703/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/111-qemu-system-x86_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.857{ec2a2542-298b-6254-b0b3-17fd54560000}4706/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298b-6254-406a-e41428560000}4703/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.858{ec2a2542-298b-6254-0000-000000000000}4704-root 534500x800000000000000030662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.859{ec2a2542-298b-6254-0000-000000000000}4705-root 534500x800000000000000030664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.860{ec2a2542-298b-6254-406a-e41428560000}4703/usr/bin/dpkg-debroot 534500x800000000000000030663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.860{ec2a2542-298b-6254-b0b3-17fd54560000}4706/bin/tarroot 154100x800000000000000030665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.887{ec2a2542-298b-6254-68f2-70a145560000}4707/bin/dash-----/bin/sh /var/lib/dpkg/tmp.ci/preinst install/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.890{ec2a2542-298b-6254-68e2-fa5ae9550000}4708/bin/dash-----/bin/sh /usr/bin/dpkg-maintscript-helper rm_conffile /etc/init.d/qemu-system-x86 1:2.2+dfsg-3~ -- install/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298b-6254-68f2-70a145560000}4707/bin/dash/bin/shroot 154100x800000000000000030667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.891{ec2a2542-298b-6254-e8cb-10fe08560000}4709/usr/bin/basename-----basename /usr/bin/dpkg-maintscript-helper/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298b-6254-68e2-fa5ae9550000}4708/bin/dash/bin/shroot 154100x800000000000000030669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.892{ec2a2542-298b-6254-7091-9f7baf550000}4710/usr/bin/dpkg-----dpkg --validate-version -- 1:2.2+dfsg-3~/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298b-6254-68e2-fa5ae9550000}4708/bin/dash/bin/shroot 534500x800000000000000030668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.892{ec2a2542-298b-6254-e8cb-10fe08560000}4709/usr/bin/basenameroot 534500x800000000000000030670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.895{ec2a2542-298b-6254-7091-9f7baf550000}4710/usr/bin/dpkgroot 154100x800000000000000030672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.896{ec2a2542-298b-6254-68c2-a98092550000}4711/bin/dash-----/bin/sh /usr/bin/dpkg-maintscript-helper rm_conffile /etc/qemu/target-x86_64.conf 1:2.4+dfsg-1~ -- install/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298b-6254-68f2-70a145560000}4707/bin/dash/bin/shroot 534500x800000000000000030671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.896{ec2a2542-298b-6254-68e2-fa5ae9550000}4708/bin/dashroot 154100x800000000000000030673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.897{ec2a2542-298b-6254-e86b-8f0239560000}4712/usr/bin/basename-----basename /usr/bin/dpkg-maintscript-helper/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298b-6254-68c2-a98092550000}4711/bin/dash/bin/shroot 154100x800000000000000030675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.898{ec2a2542-298b-6254-7081-dd22ca550000}4713/usr/bin/dpkg-----dpkg --validate-version -- 1:2.4+dfsg-1~/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298b-6254-68c2-a98092550000}4711/bin/dash/bin/shroot 534500x800000000000000030674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.898{ec2a2542-298b-6254-e86b-8f0239560000}4712/usr/bin/basenameroot 534500x800000000000000030677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.900{ec2a2542-298b-6254-68c2-a98092550000}4711/bin/dashroot 534500x800000000000000030676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.900{ec2a2542-298b-6254-7081-dd22ca550000}4713/usr/bin/dpkgroot 154100x800000000000000030679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.901{ec2a2542-298b-6254-40ea-4cb479550000}4714/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/111-qemu-system-x86_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:47.901{ec2a2542-298b-6254-68f2-70a145560000}4707/bin/dashroot 534500x800000000000000030680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.507{ec2a2542-298b-6254-0000-000000000000}4715-root 534500x800000000000000030681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.517{ec2a2542-298b-6254-0000-000000000000}4716-root 534500x800000000000000030682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.518{ec2a2542-298b-6254-40ea-4cb479550000}4714/usr/bin/dpkg-debroot 154100x800000000000000030683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.603{ec2a2542-298c-6254-7053-708d42560000}4717/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000030684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.604{ec2a2542-298c-6254-7053-708d42560000}4717root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.605{ec2a2542-298c-6254-d81f-542f78550000}4718/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/112-qemu-system-s390x_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.605{ec2a2542-298c-6254-7053-708d42560000}4717/bin/rmroot 534500x800000000000000030687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.606{ec2a2542-298c-6254-d81f-542f78550000}4718/usr/bin/dpkg-splitroot 154100x800000000000000030688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.607{ec2a2542-298c-6254-407a-481551560000}4719/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/112-qemu-system-s390x_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.609{ec2a2542-298c-6254-0000-000000000000}4720-root 154100x800000000000000030690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.610{ec2a2542-298c-6254-b0d3-4cb271550000}4722/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298c-6254-407a-481551560000}4719/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.611{ec2a2542-298c-6254-0000-000000000000}4721-root 534500x800000000000000030693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.613{ec2a2542-298c-6254-407a-481551560000}4719/usr/bin/dpkg-debroot 534500x800000000000000030692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.613{ec2a2542-298c-6254-b0d3-4cb271550000}4722/bin/tarroot 154100x800000000000000030694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.629{ec2a2542-298c-6254-404a-a26173550000}4723/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/112-qemu-system-s390x_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 354300x800000000000000030695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.751{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54750-false10.0.1.12-8000- 534500x800000000000000030696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.841{ec2a2542-298c-6254-0000-000000000000}4724-root 534500x800000000000000030698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.852{ec2a2542-298c-6254-404a-a26173550000}4723/usr/bin/dpkg-debroot 534500x800000000000000030697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.852{ec2a2542-298c-6254-0000-000000000000}4725-root 154100x800000000000000030699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.908{ec2a2542-298c-6254-7053-183cad550000}4726/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.909{ec2a2542-298c-6254-7053-183cad550000}4726/bin/rmroot 23542300x800000000000000030700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.909{ec2a2542-298c-6254-7053-183cad550000}4726root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.910{ec2a2542-298c-6254-d88f-17aada550000}4727/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/113-qemu-system-misc_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.911{ec2a2542-298c-6254-40da-3d750d560000}4728/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/113-qemu-system-misc_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.911{ec2a2542-298c-6254-d88f-17aada550000}4727/usr/bin/dpkg-splitroot 154100x800000000000000030706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.913{ec2a2542-298c-6254-b0e3-511f2a560000}4731/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298c-6254-40da-3d750d560000}4728/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.913{ec2a2542-298c-6254-0000-000000000000}4729-root 534500x800000000000000030707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.914{ec2a2542-298c-6254-0000-000000000000}4730-root 534500x800000000000000030709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.916{ec2a2542-298c-6254-40da-3d750d560000}4728/usr/bin/dpkg-debroot 534500x800000000000000030708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.916{ec2a2542-298c-6254-b0e3-511f2a560000}4731/bin/tarroot 154100x800000000000000030710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:48.933{ec2a2542-298c-6254-407a-deaa95550000}4732/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/113-qemu-system-misc_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.578{ec2a2542-298c-6254-0000-000000000000}4733-root 534500x800000000000000030713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.592{ec2a2542-298c-6254-407a-deaa95550000}4732/usr/bin/dpkg-debroot 534500x800000000000000030712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.592{00000000-0000-0000-0000-000000000000}4734<unknown process>root 154100x800000000000000030714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.640{ec2a2542-298e-6254-70e3-5164c2550000}4735/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 23542300x800000000000000030715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.641{ec2a2542-298e-6254-70e3-5164c2550000}4735root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.642{ec2a2542-298e-6254-d84f-913478550000}4736/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/114-qemu-system_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.642{ec2a2542-298e-6254-70e3-5164c2550000}4735/bin/rmroot 534500x800000000000000030718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.643{ec2a2542-298e-6254-d84f-913478550000}4736/usr/bin/dpkg-splitroot 154100x800000000000000030719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.644{ec2a2542-298e-6254-400a-8d0d6e550000}4737/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/114-qemu-system_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.647{ec2a2542-298e-6254-b023-7a238f550000}4740/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298e-6254-400a-8d0d6e550000}4737/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.647{ec2a2542-298e-6254-0000-000000000000}4738-root 534500x800000000000000030722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.649{ec2a2542-298e-6254-0000-000000000000}4739-root 534500x800000000000000030724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.650{ec2a2542-298e-6254-400a-8d0d6e550000}4737/usr/bin/dpkg-debroot 534500x800000000000000030723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.650{ec2a2542-298e-6254-b023-7a238f550000}4740/bin/tarroot 154100x800000000000000030725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.666{ec2a2542-298e-6254-40fa-c679bd550000}4741/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/114-qemu-system_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.668{ec2a2542-298e-6254-0000-000000000000}4742-root 534500x800000000000000030728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.670{ec2a2542-298e-6254-40fa-c679bd550000}4741/usr/bin/dpkg-debroot 534500x800000000000000030727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.670{00000000-0000-0000-0000-000000000000}4743<unknown process>root 154100x800000000000000030729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.689{ec2a2542-298e-6254-7083-594c0f560000}4744/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.691{ec2a2542-298e-6254-d88f-ea00ec550000}4745/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/115-qemu-user_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.691{ec2a2542-298e-6254-7083-594c0f560000}4744/bin/rmroot 23542300x800000000000000030730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.691{ec2a2542-298e-6254-7083-594c0f560000}4744root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.693{ec2a2542-298e-6254-402a-275e6d550000}4746/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/115-qemu-user_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.693{ec2a2542-298e-6254-d88f-ea00ec550000}4745/usr/bin/dpkg-splitroot 154100x800000000000000030736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.695{ec2a2542-298e-6254-b043-0e48b5550000}4749/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298e-6254-402a-275e6d550000}4746/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.695{ec2a2542-298e-6254-0000-000000000000}4747-root 534500x800000000000000030737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.696{ec2a2542-298e-6254-0000-000000000000}4748-root 534500x800000000000000030739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.697{ec2a2542-298e-6254-402a-275e6d550000}4746/usr/bin/dpkg-debroot 534500x800000000000000030738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.697{ec2a2542-298e-6254-b043-0e48b5550000}4749/bin/tarroot 154100x800000000000000030740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:50.714{ec2a2542-298e-6254-406a-fb6136560000}4750/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/115-qemu-user_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.586{ec2a2542-298e-6254-0000-000000000000}4751-root 534500x800000000000000030743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.595{ec2a2542-298e-6254-406a-fb6136560000}4750/usr/bin/dpkg-debroot 534500x800000000000000030742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.595{ec2a2542-298e-6254-0000-000000000000}4752-root 154100x800000000000000030744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.653{ec2a2542-298f-6254-70c3-6210cd550000}4753/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.655{ec2a2542-298f-6254-d89f-cd09b7550000}4754/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/116-qemu-utils_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.655{ec2a2542-298f-6254-70c3-6210cd550000}4753/bin/rmroot 23542300x800000000000000030745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.655{ec2a2542-298f-6254-70c3-6210cd550000}4753root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.657{ec2a2542-298f-6254-40da-1c53b8550000}4755/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/116-qemu-utils_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.657{ec2a2542-298f-6254-d89f-cd09b7550000}4754/usr/bin/dpkg-splitroot 154100x800000000000000030751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.659{ec2a2542-298f-6254-b0d3-a9ed50560000}4758/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298f-6254-40da-1c53b8550000}4755/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.659{ec2a2542-298f-6254-0000-000000000000}4756-root 534500x800000000000000030752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.660{ec2a2542-298f-6254-0000-000000000000}4757-root 534500x800000000000000030754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.661{ec2a2542-298f-6254-40da-1c53b8550000}4755/usr/bin/dpkg-debroot 534500x800000000000000030753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.661{ec2a2542-298f-6254-b0d3-a9ed50560000}4758/bin/tarroot 154100x800000000000000030755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.677{ec2a2542-298f-6254-407a-070c20560000}4759/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/116-qemu-utils_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.781{ec2a2542-298f-6254-0000-000000000000}4760-root 534500x800000000000000030757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.791{00000000-0000-0000-0000-000000000000}4761<unknown process>root 534500x800000000000000030758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.792{ec2a2542-298f-6254-407a-070c20560000}4759/usr/bin/dpkg-debroot 154100x800000000000000030759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.840{ec2a2542-298f-6254-7033-fb05f2550000}4762/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.841{ec2a2542-298f-6254-7033-fb05f2550000}4762/bin/rmroot 23542300x800000000000000030760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.841{ec2a2542-298f-6254-7033-fb05f2550000}4762root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.842{ec2a2542-298f-6254-d8ff-7d9b82550000}4763/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/117-qemu_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.844{ec2a2542-298f-6254-401a-e0769b550000}4764/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/117-qemu_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.844{ec2a2542-298f-6254-d8ff-7d9b82550000}4763/usr/bin/dpkg-splitroot 154100x800000000000000030766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.846{ec2a2542-298f-6254-b093-d33b7a550000}4767/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298f-6254-401a-e0769b550000}4764/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.846{ec2a2542-298f-6254-0000-000000000000}4765-root 534500x800000000000000030768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.851{ec2a2542-298f-6254-b093-d33b7a550000}4767/bin/tarroot 534500x800000000000000030767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.851{ec2a2542-298f-6254-0000-000000000000}4766-root 534500x800000000000000030769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.852{ec2a2542-298f-6254-401a-e0769b550000}4764/usr/bin/dpkg-debroot 154100x800000000000000030770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.867{ec2a2542-298f-6254-40ca-28a161550000}4768/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/117-qemu_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.884{ec2a2542-298f-6254-0000-000000000000}4769-root 534500x800000000000000030773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.888{ec2a2542-298f-6254-40ca-28a161550000}4768/usr/bin/dpkg-debroot 534500x800000000000000030772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.888{ec2a2542-298f-6254-0000-000000000000}4770-root 154100x800000000000000030774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.908{ec2a2542-298f-6254-7033-81eabf550000}4771/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.910{ec2a2542-298f-6254-d83f-44ff08560000}4772/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/118-qemu-user-static_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.910{ec2a2542-298f-6254-7033-81eabf550000}4771/bin/rmroot 23542300x800000000000000030775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.910{ec2a2542-298f-6254-7033-81eabf550000}4771root/bin/rm/var/lib/dpkg/tmp.ci/control--- 534500x800000000000000030778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.911{ec2a2542-298f-6254-d83f-44ff08560000}4772/usr/bin/dpkg-splitroot 154100x800000000000000030779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.912{ec2a2542-298f-6254-40da-5049f3550000}4773/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/118-qemu-user-static_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.913{ec2a2542-298f-6254-b0c3-a826d1550000}4776/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-298f-6254-40da-5049f3550000}4773/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.915{ec2a2542-298f-6254-0000-000000000000}4774-root 534500x800000000000000030781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.915{ec2a2542-298f-6254-0000-000000000000}4775-root 534500x800000000000000030784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.917{ec2a2542-298f-6254-40da-5049f3550000}4773/usr/bin/dpkg-debroot 534500x800000000000000030783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.917{ec2a2542-298f-6254-b0c3-a826d1550000}4776/bin/tarroot 154100x800000000000000030785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:51.937{ec2a2542-298f-6254-40ea-c2e256550000}4777/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/118-qemu-user-static_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.331{ec2a2542-298f-6254-0000-000000000000}4778-root 534500x800000000000000030787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.343{ec2a2542-298f-6254-0000-000000000000}4779-root 534500x800000000000000030788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.344{ec2a2542-298f-6254-40ea-c2e256550000}4777/usr/bin/dpkg-debroot 154100x800000000000000030789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.398{ec2a2542-2991-6254-70e3-88166e550000}4780/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000030792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.399{ec2a2542-2991-6254-d83f-0372ef550000}4781/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-7NsVNE/119-sharutils_1%3a4.15.2-3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.399{ec2a2542-2991-6254-70e3-88166e550000}4780/bin/rmroot 23542300x800000000000000030790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.399{ec2a2542-2991-6254-70e3-88166e550000}4780root/bin/rm/var/lib/dpkg/tmp.ci/control--- 154100x800000000000000030794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.401{ec2a2542-2991-6254-40da-95c6ba550000}4782/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-7NsVNE/119-sharutils_1%3a4.15.2-3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.401{ec2a2542-2991-6254-d83f-0372ef550000}4781/usr/bin/dpkg-splitroot 154100x800000000000000030797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.403{ec2a2542-2991-6254-b033-f65d22560000}4785/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-40da-95c6ba550000}4782/usr/bin/dpkg-debdpkg-debroot 534500x800000000000000030795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.403{ec2a2542-2991-6254-0000-000000000000}4783-root 534500x800000000000000030796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.404{ec2a2542-2991-6254-0000-000000000000}4784-root 534500x800000000000000030799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.407{ec2a2542-2991-6254-40da-95c6ba550000}4782/usr/bin/dpkg-debroot 534500x800000000000000030798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.407{ec2a2542-2991-6254-b033-f65d22560000}4785/bin/tarroot 154100x800000000000000030800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.422{ec2a2542-2991-6254-40ca-fe21b3550000}4786/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-7NsVNE/119-sharutils_1%3a4.15.2-3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.434{ec2a2542-2991-6254-0000-000000000000}4787-root 534500x800000000000000030803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.443{ec2a2542-2991-6254-40ca-fe21b3550000}4786/usr/bin/dpkg-debroot 534500x800000000000000030802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.443{00000000-0000-0000-0000-000000000000}4788<unknown process>root 154100x800000000000000030804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.495{ec2a2542-2991-6254-70a3-891f99550000}4789/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkg/usr/bin/dpkgroot 534500x800000000000000030806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.496{ec2a2542-2991-6254-70a3-891f99550000}4789/bin/rmroot 23542300x800000000000000030805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.496{ec2a2542-2991-6254-70a3-891f99550000}4789root/bin/rm/var/lib/dpkg/tmp.ci/control--- 23542300x800000000000000030807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.503{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/status-old--- 23542300x800000000000000030841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0033--- 23542300x800000000000000030840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0032--- 23542300x800000000000000030839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0031--- 23542300x800000000000000030838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0030--- 23542300x800000000000000030837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0029--- 23542300x800000000000000030836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0028--- 23542300x800000000000000030835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0027--- 23542300x800000000000000030834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0026--- 23542300x800000000000000030833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0025--- 23542300x800000000000000030832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0024--- 23542300x800000000000000030831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0023--- 23542300x800000000000000030830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0022--- 23542300x800000000000000030829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0021--- 23542300x800000000000000030828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0020--- 23542300x800000000000000030827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0019--- 23542300x800000000000000030826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0018--- 23542300x800000000000000030825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0017--- 23542300x800000000000000030824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0016--- 23542300x800000000000000030823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0015--- 23542300x800000000000000030822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0014--- 23542300x800000000000000030821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0013--- 23542300x800000000000000030820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0012--- 23542300x800000000000000030819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0011--- 23542300x800000000000000030818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0010--- 23542300x800000000000000030817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0009--- 23542300x800000000000000030816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0008--- 23542300x800000000000000030815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0007--- 23542300x800000000000000030814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0006--- 23542300x800000000000000030813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0005--- 23542300x800000000000000030812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0004--- 23542300x800000000000000030811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0003--- 23542300x800000000000000030810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0002--- 23542300x800000000000000030809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0001--- 23542300x800000000000000030808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.505{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0000--- 23542300x800000000000000030896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0088--- 23542300x800000000000000030895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0087--- 23542300x800000000000000030894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0086--- 23542300x800000000000000030893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0085--- 23542300x800000000000000030892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0084--- 23542300x800000000000000030891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0083--- 23542300x800000000000000030890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0082--- 23542300x800000000000000030889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0081--- 23542300x800000000000000030888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0080--- 23542300x800000000000000030887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0079--- 23542300x800000000000000030886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0078--- 23542300x800000000000000030885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0077--- 23542300x800000000000000030884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0076--- 23542300x800000000000000030883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0075--- 23542300x800000000000000030882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0074--- 23542300x800000000000000030881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0073--- 23542300x800000000000000030880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0072--- 23542300x800000000000000030879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0071--- 23542300x800000000000000030878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0070--- 23542300x800000000000000030877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0069--- 23542300x800000000000000030876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0068--- 23542300x800000000000000030875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0067--- 23542300x800000000000000030874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0066--- 23542300x800000000000000030873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0065--- 23542300x800000000000000030872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0064--- 23542300x800000000000000030871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0063--- 23542300x800000000000000030870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0062--- 23542300x800000000000000030869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0061--- 23542300x800000000000000030868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0060--- 23542300x800000000000000030867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0059--- 23542300x800000000000000030866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0058--- 23542300x800000000000000030865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0057--- 23542300x800000000000000030864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0056--- 23542300x800000000000000030863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0055--- 23542300x800000000000000030862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0054--- 23542300x800000000000000030861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0053--- 23542300x800000000000000030860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0052--- 23542300x800000000000000030859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0051--- 23542300x800000000000000030858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0050--- 23542300x800000000000000030857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0049--- 23542300x800000000000000030856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0048--- 23542300x800000000000000030855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0047--- 23542300x800000000000000030854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0046--- 23542300x800000000000000030853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0045--- 23542300x800000000000000030852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0044--- 23542300x800000000000000030851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0043--- 23542300x800000000000000030850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0042--- 23542300x800000000000000030849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0041--- 23542300x800000000000000030848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0040--- 23542300x800000000000000030847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0039--- 23542300x800000000000000030846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0038--- 23542300x800000000000000030845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0037--- 23542300x800000000000000030844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0036--- 23542300x800000000000000030843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0035--- 23542300x800000000000000030842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.506{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0034--- 23542300x800000000000000030924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0116--- 23542300x800000000000000030923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0115--- 23542300x800000000000000030922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0114--- 23542300x800000000000000030921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0113--- 23542300x800000000000000030920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0112--- 23542300x800000000000000030919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0111--- 23542300x800000000000000030918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0110--- 23542300x800000000000000030917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0109--- 23542300x800000000000000030916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0108--- 23542300x800000000000000030915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0107--- 23542300x800000000000000030914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0106--- 23542300x800000000000000030913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0105--- 23542300x800000000000000030912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0104--- 23542300x800000000000000030911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0103--- 23542300x800000000000000030910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0102--- 23542300x800000000000000030909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0101--- 23542300x800000000000000030908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0100--- 23542300x800000000000000030907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0099--- 23542300x800000000000000030906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0098--- 23542300x800000000000000030905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0097--- 23542300x800000000000000030904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0096--- 23542300x800000000000000030903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0095--- 23542300x800000000000000030902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0094--- 23542300x800000000000000030901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0093--- 23542300x800000000000000030900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0092--- 23542300x800000000000000030899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0091--- 23542300x800000000000000030898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0090--- 23542300x800000000000000030897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.507{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/0089--- 23542300x800000000000000030925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.511{ec2a2542-297f-6254-7041-77738e550000}3684root/usr/bin/dpkg/var/lib/dpkg/updates/tmp.i--- 23542300x800000000000000030930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.514{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/093-libgdk-pixbuf2.0-bin_2.36.11-2_amd64.deb--- 23542300x800000000000000030929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.514{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/002-libfontconfig1_2.12.6-0ubuntu2_amd64.deb--- 23542300x800000000000000030928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.514{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/083-gstreamer1.0-x_1.14.5-0ubuntu1~18.04.3_amd64.deb--- 23542300x800000000000000030927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.514{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/024-glib-networking-services_2.56.0-1ubuntu0.1_amd64.deb--- 534500x800000000000000030926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.514{ec2a2542-297f-6254-7041-77738e550000}3684/usr/bin/dpkgroot 23542300x800000000000000030937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.515{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/114-qemu-system_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb--- 23542300x800000000000000030936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.515{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/041-gstreamer1.0-plugins-base_1.14.5-0ubuntu1~18.04.3_amd64.deb--- 23542300x800000000000000030935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.515{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/073-gstreamer1.0-plugins-good_1.14.5-0ubuntu1~18.04.2_amd64.deb--- 23542300x800000000000000030934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.515{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/004-libjpeg-turbo8_1.5.2-0ubuntu5.18.04.4_amd64.deb--- 23542300x800000000000000030933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.515{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/092-libcacard0_1%3a2.5.0-3_amd64.deb--- 23542300x800000000000000030932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.515{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/072-libxfixes3_1%3a5.0.3-1_amd64.deb--- 23542300x800000000000000030931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.515{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/074-libthai-data_0.1.27-2_all.deb--- 23542300x800000000000000030965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/034-libxcb-shm0_1.13-2~ubuntu18.04_amd64.deb--- 23542300x800000000000000030964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/000-fonts-dejavu-core_2.37-1_all.deb--- 23542300x800000000000000030963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/042-libaa1_1.4p5-44build2_amd64.deb--- 23542300x800000000000000030962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/108-qemu-system-ppc_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb--- 23542300x800000000000000030961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/039-libvorbis0a_1.3.5-4.2_amd64.deb--- 23542300x800000000000000030960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/016-binfmt-support_2.1.8-2_amd64.deb--- 23542300x800000000000000030959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/055-libgudev-1.0-0_1%3a232-2_amd64.deb--- 23542300x800000000000000030958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/006-libiscsi7_1.17.0-1.1_amd64.deb--- 23542300x800000000000000030957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/082-libxv1_2%3a1.0.11-1_amd64.deb--- 23542300x800000000000000030956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/022-libproxy1v5_0.4.15-1ubuntu0.2_amd64.deb--- 23542300x800000000000000030955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/080-libpangoft2-1.0-0_1.40.14-1ubuntu0.1_amd64.deb--- 23542300x800000000000000030954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/026-glib-networking_2.56.0-1ubuntu0.1_amd64.deb--- 23542300x800000000000000030953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/071-libxdamage1_1%3a1.1.4-3_amd64.deb--- 23542300x800000000000000030952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/098-libusbredirparser1_0.7.1-1_amd64.deb--- 23542300x800000000000000030951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/117-qemu_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb--- 23542300x800000000000000030950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/076-libthai0_0.1.27-2_amd64.deb--- 23542300x800000000000000030949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/078-libgraphite2-3_1.3.11-2_amd64.deb--- 23542300x800000000000000030948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/084-ibverbs-providers_17.1-1ubuntu0.2_amd64.deb--- 23542300x800000000000000030947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/060-libmpg123-0_1.25.10-1_amd64.deb--- 23542300x800000000000000030946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/097-libspice-server1_0.14.0-1ubuntu2.5_amd64.deb--- 23542300x800000000000000030945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/091-libbluetooth3_5.48-0ubuntu3.8_amd64.deb--- 23542300x800000000000000030944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/063-libsoup2.4-1_2.62.1-1ubuntu0.4_amd64.deb--- 23542300x800000000000000030943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/057-libsamplerate0_0.1.9-1_amd64.deb--- 23542300x800000000000000030942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/020-dconf-service_0.26.0-2ubuntu3_amd64.deb--- 23542300x800000000000000030941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/048-libflac8_1.3.2-1_amd64.deb--- 23542300x800000000000000030940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/021-dconf-gsettings-backend_0.26.0-2ubuntu3_amd64.deb--- 23542300x800000000000000030939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/096-libsdl1.2debian_1.2.15+dfsg2-0.1ubuntu0.1_amd64.deb--- 23542300x800000000000000030938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.516{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/111-qemu-system-x86_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb--- 23542300x800000000000000031017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/011-libnss3_2%3a3.35-2ubuntu2.13_amd64.deb--- 23542300x800000000000000031016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/025-gsettings-desktop-schemas_3.28.0-1ubuntu1_all.deb--- 23542300x800000000000000031015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/036-libcairo2_1.15.10-2ubuntu0.1_amd64.deb--- 23542300x800000000000000031014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/119-sharutils_1%3a4.15.2-3_amd64.deb--- 23542300x800000000000000031013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/088-libasound2-data_1.1.3-5ubuntu0.6_all.deb--- 23542300x800000000000000031012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/086-ipxe-qemu-256k-compat-efi-roms_1.0.0+git-20150424.a25a16d-0ubuntu2_all.deb--- 23542300x800000000000000031011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/010-libnspr4_2%3a4.18-1ubuntu1_amd64.deb--- 23542300x800000000000000031010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/099-libxenstore3.0_4.9.2-0ubuntu1_amd64.deb--- 23542300x800000000000000031009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/109-qemu-system-sparc_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb--- 23542300x800000000000000031008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/075-libdatrie1_0.2.10-7_amd64.deb--- 23542300x800000000000000031007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/103-libfdt1_1.4.5-3_amd64.deb--- 23542300x800000000000000031006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/028-libgstreamer1.0-0_1.14.5-0ubuntu1~18.04.2_amd64.deb--- 23542300x800000000000000031005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/087-libaio1_0.3.110-5ubuntu0.1_amd64.deb--- 23542300x800000000000000031004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/077-libpango-1.0-0_1.40.14-1ubuntu0.1_amd64.deb--- 23542300x800000000000000031003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/066-libtwolame0_0.3.13-3_amd64.deb--- 23542300x800000000000000031002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/107-qemu-slof_20170724+dfsg-1ubuntu1_all.deb--- 23542300x800000000000000031001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/104-librdmacm1_17.1-1ubuntu0.2_amd64.deb--- 23542300x800000000000000031000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/116-qemu-utils_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb--- 23542300x800000000000000030999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/090-libasyncns0_0.8-6_amd64.deb--- 23542300x800000000000000030998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/009-libibverbs1_17.1-1ubuntu0.2_amd64.deb--- 23542300x800000000000000030997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/001-fontconfig-config_2.12.6-0ubuntu2_all.deb--- 23542300x800000000000000030996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/052-libgdk-pixbuf2.0-common_2.36.11-2_all.deb--- 23542300x800000000000000030995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/040-libvorbisenc2_1.3.5-4.2_amd64.deb--- 23542300x800000000000000030994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/051-libtiff5_4.0.9-5ubuntu0.4_amd64.deb--- 23542300x800000000000000030993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/012-librados2_12.2.13-0ubuntu0.18.04.10_amd64.deb--- 23542300x800000000000000030992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/029-liborc-0.4-0_1%3a0.4.28-1_amd64.deb--- 23542300x800000000000000030991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/031-libopus0_1.1.2-1ubuntu1_amd64.deb--- 23542300x800000000000000030990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/019-libdconf1_0.26.0-2ubuntu3_amd64.deb--- 23542300x800000000000000030989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/113-qemu-system-misc_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb--- 23542300x800000000000000030988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/110-seabios_1.10.2-1ubuntu1_all.deb--- 23542300x800000000000000030987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/067-libv4lconvert0_1.14.2-1_amd64.deb--- 23542300x800000000000000030986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/081-libpangocairo-1.0-0_1.40.14-1ubuntu0.1_amd64.deb--- 23542300x800000000000000030985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/118-qemu-user-static_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb--- 23542300x800000000000000030984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/013-librbd1_12.2.13-0ubuntu0.18.04.10_amd64.deb--- 23542300x800000000000000030983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/085-ipxe-qemu_1.0.0+git-20180124.fbe8c52d-0ubuntu2.2_all.deb--- 23542300x800000000000000030982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/105-qemu-system-arm_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb--- 23542300x800000000000000030981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/100-libyajl2_2.1.0-2build1_amd64.deb--- 23542300x800000000000000030980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/050-libjbig0_2.1-3.1build1_amd64.deb--- 23542300x800000000000000030979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/095-libpulse0_1%3a11.1-1ubuntu7.11_amd64.deb--- 23542300x800000000000000030978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/035-libxrender1_1%3a0.9.10-1_amd64.deb--- 23542300x800000000000000030977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/018-cpu-checker_0.7-0ubuntu7_amd64.deb--- 23542300x800000000000000030976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/062-libshout3_2.4.1-2build1_amd64.deb--- 23542300x800000000000000030975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/005-libogg0_1.3.2-1_amd64.deb--- 23542300x800000000000000030974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/043-libraw1394-11_2.1.2-1_amd64.deb--- 23542300x800000000000000030973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/046-libcairo-gobject2_1.15.10-2ubuntu0.1_amd64.deb--- 23542300x800000000000000030972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/059-libmp3lame0_3.100-2_amd64.deb--- 23542300x800000000000000030971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/061-libspeex1_1.2~rc1.2-1ubuntu2.1_amd64.deb--- 23542300x800000000000000030970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/008-libnl-route-3-200_3.2.29-0ubuntu3_amd64.deb--- 23542300x800000000000000030969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/032-libpixman-1-0_0.34.0-2_amd64.deb--- 23542300x800000000000000030968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/017-msr-tools_1.3-2build1_amd64.deb--- 23542300x800000000000000030967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/038-libvisual-0.4-0_0.4.0-11_amd64.deb--- 23542300x800000000000000030966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.517{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/064-libtag1v5-vanilla_1.11.1+dfsg.1-0.2build2_amd64.deb--- 23542300x800000000000000031046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/007-libnl-3-200_3.2.29-0ubuntu3_amd64.deb--- 23542300x800000000000000031045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/033-libxcb-render0_1.13-2~ubuntu18.04_amd64.deb--- 23542300x800000000000000031044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/037-libtheora0_1.1.1+dfsg.1-14_amd64.deb--- 23542300x800000000000000031043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/015-qemu-system-common_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb--- 23542300x800000000000000031042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/027-libcdparanoia0_3.10.2+debian-13_amd64.deb--- 23542300x800000000000000031041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/049-libjpeg8_8c-2ubuntu8_amd64.deb--- 23542300x800000000000000031040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/112-qemu-system-s390x_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb--- 23542300x800000000000000031039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/047-libdv4_1.0.0-11_amd64.deb--- 23542300x800000000000000031038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/023-glib-networking-common_2.56.0-1ubuntu0.1_all.deb--- 23542300x800000000000000031037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/069-libvpx5_1.7.0-3ubuntu0.18.04.1_amd64.deb--- 23542300x800000000000000031036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/053-libgdk-pixbuf2.0-0_2.36.11-2_amd64.deb--- 23542300x800000000000000031035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/056-libiec61883-0_1.2.0-2_amd64.deb--- 23542300x800000000000000031034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/003-fontconfig_2.12.6-0ubuntu2_amd64.deb--- 23542300x800000000000000031033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/094-libsndfile1_1.0.28-4ubuntu0.18.04.2_amd64.deb--- 23542300x800000000000000031032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/101-libxen-4.9_4.9.2-0ubuntu1_amd64.deb--- 23542300x800000000000000031031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/102-libbrlapi0.6_5.5-4ubuntu2.0.1_amd64.deb--- 23542300x800000000000000031030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/070-libwavpack1_5.1.0-2ubuntu1.5_amd64.deb--- 23542300x800000000000000031029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/044-libavc1394-0_0.5.4-4build1_amd64.deb--- 23542300x800000000000000031028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/065-libtag1v5_1.11.1+dfsg.1-0.2build2_amd64.deb--- 23542300x800000000000000031027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/089-libasound2_1.1.3-5ubuntu0.6_amd64.deb--- 23542300x800000000000000031026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/068-libv4l-0_1.14.2-1_amd64.deb--- 23542300x800000000000000031025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/054-libgstreamer-plugins-good1.0-0_1.14.5-0ubuntu1~18.04.2_amd64.deb--- 23542300x800000000000000031024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/014-qemu-block-extra_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb--- 23542300x800000000000000031023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/115-qemu-user_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb--- 23542300x800000000000000031022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/045-libcaca0_0.99.beta19-2ubuntu0.18.04.3_amd64.deb--- 23542300x800000000000000031021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/106-qemu-system-mips_1%3a2.11+dfsg-1ubuntu7.39_amd64.deb--- 23542300x800000000000000031020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/079-libharfbuzz0b_1.7.2-1ubuntu1_amd64.deb--- 23542300x800000000000000031019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/030-libgstreamer-plugins-base1.0-0_1.14.5-0ubuntu1~18.04.3_amd64.deb--- 23542300x800000000000000031018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.518{ec2a2542-297b-6254-ccef-29074c560000}3606root/usr/bin/apt-get/tmp/apt-dpkg-install-7NsVNE/058-libjack-jackd2-0_1.9.12~dfsg-2_amd64.deb--- 154100x800000000000000031047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.519{ec2a2542-2991-6254-7091-3f7926560000}4790/usr/bin/dpkg-----/usr/bin/dpkg --status-fd 43 --configure --pending/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-297b-6254-ccef-29074c560000}3606/usr/bin/apt-getapt-getroot 154100x800000000000000031048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.568{ec2a2542-2991-6254-6812-20b929560000}4791/bin/dash-----/bin/sh /var/lib/dpkg/info/binfmt-support.postinst configure /root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-7091-3f7926560000}4790/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000031049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.569{ec2a2542-2991-6254-685f-ac3a65550000}4792/usr/sbin/update-binfmts-----update-binfmts --import/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-6812-20b929560000}4791/bin/dash/bin/shroot 154100x800000000000000031050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.572{ec2a2542-2991-6254-a862-627e07560000}4793/bin/mount-----/bin/mount binfmt_misc /proc/sys/fs/binfmt_misc -t binfmt_misc/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-0ff1-6254-58a9-8a1e10560000}1/lib/systemd/systemd/sbin/initroot 534500x800000000000000031051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.577{00000000-0000-0000-0000-000000000000}4794<unknown process>root 534500x800000000000000031053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.578{ec2a2542-2991-6254-a862-627e07560000}4793/bin/mountroot 23542300x800000000000000031052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.578{ec2a2542-0ff8-6254-c88a-1cbc6c550000}452root/lib/systemd/systemd-journald/run/systemd/journal/streams/9:36691--- 154100x800000000000000031055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.580{ec2a2542-2991-6254-70b1-e51163550000}4795/usr/bin/dpkg-----dpkg --compare-versions lt 2.0.0/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-6812-20b929560000}4791/bin/dash/bin/shroot 534500x800000000000000031054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.580{ec2a2542-2991-6254-685f-ac3a65550000}4792/usr/sbin/update-binfmtsroot 154100x800000000000000031057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.583{ec2a2542-2991-6254-7083-6e0ca3550000}4802/bin/rm-----rm -rf /var/cache/binfmts/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-6812-20b929560000}4791/bin/dash/bin/shroot 534500x800000000000000031056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.583{ec2a2542-2991-6254-70b1-e51163550000}4795/usr/bin/dpkgroot 534500x800000000000000031058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.584{ec2a2542-2991-6254-7083-6e0ca3550000}4802/bin/rmroot 154100x800000000000000031060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.586{ec2a2542-2991-6254-98d7-961c85550000}4806/usr/bin/perl-----perl /usr/bin/deb-systemd-helper unmask binfmt-support.service/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-6812-20b929560000}4791/bin/dash/bin/shroot 154100x800000000000000031059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.586{ec2a2542-2991-6254-787c-4a58de550000}4806/usr/bin/env-----/usr/bin/env perl /usr/bin/deb-systemd-helper unmask binfmt-support.service/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-6812-20b929560000}4791/bin/dash/bin/shroot 23542300x800000000000000031061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.587{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x800000000000000031069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.588{00000000-0000-0000-0000-000000000000}4801<unknown process>root 534500x800000000000000031068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.588{00000000-0000-0000-0000-000000000000}4804<unknown process>root 534500x800000000000000031067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.588{00000000-0000-0000-0000-000000000000}4797<unknown process>root 534500x800000000000000031066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.588{00000000-0000-0000-0000-000000000000}4796<unknown process>root 534500x800000000000000031065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.588{00000000-0000-0000-0000-000000000000}4803<unknown process>root 534500x800000000000000031064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.588{00000000-0000-0000-0000-000000000000}4798<unknown process>root 534500x800000000000000031063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.588{00000000-0000-0000-0000-000000000000}4805<unknown process>root 534500x800000000000000031062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.588{00000000-0000-0000-0000-000000000000}4800<unknown process>root 534500x800000000000000031070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.590{ec2a2542-2991-6254-0000-000000000000}4799-root 154100x800000000000000031073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.639{ec2a2542-2991-6254-98b7-58ad7e550000}4807/usr/bin/perl-----perl /usr/bin/deb-systemd-helper --quiet was-enabled binfmt-support.service/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-6812-20b929560000}4791/bin/dash/bin/shroot 154100x800000000000000031072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.639{ec2a2542-2991-6254-789c-89919a550000}4807/usr/bin/env-----/usr/bin/env perl /usr/bin/deb-systemd-helper --quiet was-enabled binfmt-support.service/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-6812-20b929560000}4791/bin/dash/bin/shroot 534500x800000000000000031071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.639{ec2a2542-2991-6254-787c-4a58de550000}4806/usr/bin/envroot 154100x800000000000000031076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.684{ec2a2542-2991-6254-9877-680b67550000}4808/usr/bin/perl-----perl /usr/bin/deb-systemd-helper enable binfmt-support.service/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-6812-20b929560000}4791/bin/dash/bin/shroot 154100x800000000000000031075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.684{ec2a2542-2991-6254-784c-74f51d560000}4808/usr/bin/env-----/usr/bin/env perl /usr/bin/deb-systemd-helper enable binfmt-support.service/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-6812-20b929560000}4791/bin/dash/bin/shroot 534500x800000000000000031074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.684{ec2a2542-2991-6254-789c-89919a550000}4807/usr/bin/envroot 154100x800000000000000031077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.723{ec2a2542-2991-6254-d03c-1efc91550000}4809/bin/systemctl-----/bin/systemctl --preset-mode=enable-only preset binfmt-support.service/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-784c-74f51d560000}4808/usr/bin/env/usr/bin/envroot 23542300x800000000000000031084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.773{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/multi-user.target.wants/systemd-networkd.service--- 23542300x800000000000000031083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.773{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/network-online.target.wants/systemd-networkd-wait-online.service--- 23542300x800000000000000031082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.773{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/netplan.stamp--- 23542300x800000000000000031081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.773{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/-.mount--- 23542300x800000000000000031080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.773{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.wants/systemd-fsck-root.service--- 23542300x800000000000000031079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.773{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.requires/-.mount--- 23542300x800000000000000031078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.773{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/getty.target.wants/serial-getty@ttyS0.service--- 23542300x800000000000000031096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.774{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunkd.service--- 23542300x800000000000000031095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.774{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/grub-common.service--- 23542300x800000000000000031094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.774{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/grub-common.service--- 23542300x800000000000000031093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.774{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/splunk.service--- 23542300x800000000000000031092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.774{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/apport.service--- 23542300x800000000000000031091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.774{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/grub-common.service--- 23542300x800000000000000031090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.774{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/splunk.service--- 23542300x800000000000000031089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.774{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/apport.service--- 23542300x800000000000000031088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.774{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunk.service--- 23542300x800000000000000031087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.774{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/apport.service--- 23542300x800000000000000031086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.774{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/hibagent.service--- 23542300x800000000000000031085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.774{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.early/multi-user.target.wants/cloud-init.target--- 154100x800000000000000031097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.775{ec2a2542-2991-6254-38c3-b379ae550000}4811/usr/lib/systemd/system-environment-generators/snapd-env-generator-----/usr/lib/systemd/system-environment-generators/snapd-env-generator/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4810--- 534500x800000000000000031098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.776{ec2a2542-2991-6254-38c3-b379ae550000}4811/usr/lib/systemd/system-environment-generators/snapd-env-generatorroot 534500x800000000000000031099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.777{ec2a2542-2991-6254-0000-000000000000}4810-root 154100x800000000000000031101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.778{ec2a2542-2991-6254-68e2-09d5ef550000}4814/bin/dash-----/bin/sh /lib/systemd/system-generators/friendly-recovery /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4812--- 154100x800000000000000031100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.778{ec2a2542-2991-6254-6882-5f7c1e560000}4813/bin/dash-----/bin/sh /lib/systemd/system-generators/cloud-init-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4812--- 154100x800000000000000031110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.779{ec2a2542-2991-6254-b85e-700fcc550000}4819/lib/systemd/system-generators/systemd-cryptsetup-generator-----/lib/systemd/system-generators/systemd-cryptsetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4812--- 154100x800000000000000031105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.779{ec2a2542-2991-6254-30cc-00d65a550000}4815/lib/systemd/system-generators/lvm2-activation-generator-----/lib/systemd/system-generators/lvm2-activation-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4812--- 154100x800000000000000031104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.779{ec2a2542-2991-6254-c075-e4dbde550000}4817/lib/systemd/system-generators/snapd-generator-----/lib/systemd/system-generators/snapd-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4812--- 154100x800000000000000031103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.779{ec2a2542-2991-6254-d0c9-6a4381550000}4818/bin/cat-----cat /proc/cmdline/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2991-6254-68e2-09d5ef550000}4814/bin/dash/bin/shroot 154100x800000000000000031102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.779{ec2a2542-2991-6254-9807-7e455b550000}4816/lib/netplan/generate-----/lib/systemd/system-generators/netplan /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4812--- 154100x800000000000000031125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.780{ec2a2542-2991-6254-d0de-9ed018560000}4823/lib/systemd/system-generators/systemd-getty-generator-----/lib/systemd/system-generators/systemd-getty-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4812--- 154100x800000000000000031112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.780{ec2a2542-2991-6254-8856-663d44560000}4821/lib/systemd/system-generators/systemd-fstab-generator-----/lib/systemd/system-generators/systemd-fstab-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4812--- 154100x800000000000000031111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.780{ec2a2542-2991-6254-689c-993aab550000}4820/lib/systemd/system-generators/systemd-debug-generator-----/lib/systemd/system-generators/systemd-debug-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4812--- 534500x800000000000000031109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.780{ec2a2542-2991-6254-c075-e4dbde550000}4817/lib/systemd/system-generators/snapd-generatorroot 154100x800000000000000031108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.780{ec2a2542-2991-6254-78d6-379615560000}4822/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2991-6254-6882-5f7c1e560000}4813/bin/dash/bin/shroot 534500x800000000000000031107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.780{ec2a2542-2991-6254-68e2-09d5ef550000}4814/bin/dashroot 534500x800000000000000031106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.780{ec2a2542-2991-6254-d0c9-6a4381550000}4818/bin/catroot 154100x800000000000000031135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.781{ec2a2542-2991-6254-a0b2-dede07560000}4826/lib/systemd/system-generators/systemd-rc-local-generator-----/lib/systemd/system-generators/systemd-rc-local-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4812--- 154100x800000000000000031127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.781{ec2a2542-2991-6254-f0fb-1afba7550000}4824/lib/systemd/system-generators/systemd-gpt-auto-generator-----/lib/systemd/system-generators/systemd-gpt-auto-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4812--- 154100x800000000000000031122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.781{ec2a2542-2991-6254-88d4-66c702560000}4825/lib/systemd/system-generators/systemd-hibernate-resume-generator-----/lib/systemd/system-generators/systemd-hibernate-resume-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4812--- 154100x800000000000000031128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.782{ec2a2542-2991-6254-8064-5d7e4f560000}4829/lib/systemd/system-generators/systemd-veritysetup-generator-----/lib/systemd/system-generators/systemd-veritysetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4812--- 154100x800000000000000031123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.782{ec2a2542-2991-6254-20e5-c1ff16560000}4827/lib/systemd/system-generators/systemd-system-update-generator-----/lib/systemd/system-generators/systemd-system-update-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4812--- 154100x800000000000000031117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.782{ec2a2542-2991-6254-d8dc-8b3df1550000}4828/lib/systemd/system-generators/systemd-sysv-generator-----/lib/systemd/system-generators/systemd-sysv-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4812--- 23542300x800000000000000031116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.782{ec2a2542-2991-6254-9807-7e455b550000}4816root/lib/netplan/generate/run/NetworkManager/conf.d/netplan.conf--- 23542300x800000000000000031115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.782{ec2a2542-2991-6254-9807-7e455b550000}4816root/lib/netplan/generate//run/udev/rules.d/99-netplan-ens5.rules--- 23542300x800000000000000031114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.782{ec2a2542-2991-6254-9807-7e455b550000}4816root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.network--- 23542300x800000000000000031113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.782{ec2a2542-2991-6254-9807-7e455b550000}4816root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.link--- 154100x800000000000000031121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.783{ec2a2542-2991-6254-3833-20880a560000}4830/bin/udevadm-----/sbin/udevadm control --reload/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2991-6254-9807-7e455b550000}4816/lib/netplan/generate/lib/systemd/system-generators/netplanroot 534500x800000000000000031120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.783{ec2a2542-2991-6254-30cc-00d65a550000}4815/lib/systemd/system-generators/lvm2-activation-generatorroot 534500x800000000000000031119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.784{ec2a2542-2991-6254-689c-993aab550000}4820/lib/systemd/system-generators/systemd-debug-generatorroot 534500x800000000000000031118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.784{ec2a2542-2991-6254-78d6-379615560000}4822/usr/bin/systemd-detect-virtroot 534500x800000000000000031126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.785{ec2a2542-2991-6254-b85e-700fcc550000}4819/lib/systemd/system-generators/systemd-cryptsetup-generatorroot 534500x800000000000000031124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.785{ec2a2542-2991-6254-8856-663d44560000}4821/lib/systemd/system-generators/systemd-fstab-generatorroot 534500x800000000000000031129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.786{ec2a2542-2991-6254-3833-20880a560000}4830/bin/udevadmroot 534500x800000000000000031130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.787{ec2a2542-2991-6254-9807-7e455b550000}4816/lib/netplan/generateroot 534500x800000000000000031134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.788{ec2a2542-2991-6254-d0de-9ed018560000}4823/lib/systemd/system-generators/systemd-getty-generatorroot 534500x800000000000000031133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.788{ec2a2542-2991-6254-88d4-66c702560000}4825/lib/systemd/system-generators/systemd-hibernate-resume-generatorroot 154100x800000000000000031132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.788{ec2a2542-2991-6254-7856-1644d9550000}4831/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2991-6254-6882-5f7c1e560000}4813/bin/dash/bin/shroot 534500x800000000000000031131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.788{ec2a2542-2991-6254-20e5-c1ff16560000}4827/lib/systemd/system-generators/systemd-system-update-generatorroot 534500x800000000000000031138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.790{ec2a2542-2991-6254-7856-1644d9550000}4831/usr/bin/systemd-detect-virtroot 534500x800000000000000031137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.790{ec2a2542-2991-6254-8064-5d7e4f560000}4829/lib/systemd/system-generators/systemd-veritysetup-generatorroot 924900x800000000000000031136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.790{ec2a2542-2991-6254-f0fb-1afba7550000}4824/lib/systemd/system-generators/systemd-gpt-auto-generator/dev/nvme0n1root 154100x800000000000000031141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.791{ec2a2542-2991-6254-6862-e01734560000}4832/bin/dash-----/bin/sh /usr/lib/cloud-init/ds-identify/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2991-6254-6882-5f7c1e560000}4813/bin/dash/bin/shroot 534500x800000000000000031140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.791{ec2a2542-2991-6254-f0fb-1afba7550000}4824/lib/systemd/system-generators/systemd-gpt-auto-generatorroot 534500x800000000000000031139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.791{ec2a2542-2991-6254-a0b2-dede07560000}4826/lib/systemd/system-generators/systemd-rc-local-generatorroot 154100x800000000000000031143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.793{ec2a2542-2991-6254-789f-22114f560000}4833/bin/mkdir-----mkdir -p /run/systemd/generator.early/multi-user.target.wants/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2991-6254-6882-5f7c1e560000}4813/bin/dash/bin/shroot 534500x800000000000000031142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.793{ec2a2542-2991-6254-6862-e01734560000}4832/bin/dashroot 154100x800000000000000031145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.795{ec2a2542-2991-6254-987d-b218a7550000}4834/bin/ln-----ln -snf /lib/systemd/system/cloud-init.target /run/systemd/generator.early/multi-user.target.wants/cloud-init.target/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2991-6254-6882-5f7c1e560000}4813/bin/dash/bin/shroot 534500x800000000000000031144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.795{ec2a2542-2991-6254-789f-22114f560000}4833/bin/mkdirroot 534500x800000000000000031147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.797{ec2a2542-2991-6254-6882-5f7c1e560000}4813/bin/dashroot 534500x800000000000000031146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.797{ec2a2542-2991-6254-987d-b218a7550000}4834/bin/lnroot 534500x800000000000000031149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.805{ec2a2542-2991-6254-0000-000000000000}4812-root 534500x800000000000000031148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.805{ec2a2542-2991-6254-d8dc-8b3df1550000}4828/lib/systemd/system-generators/systemd-sysv-generatorroot 534500x800000000000000031150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.901{ec2a2542-2991-6254-d03c-1efc91550000}4809/bin/systemctlroot 154100x800000000000000031152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.904{ec2a2542-2991-6254-6812-b93d05560000}4835/bin/dash-----/bin/sh /usr/bin/dpkg-maintscript-helper rm_conffile /etc/init/binfmt-support.conf 2.1.8-1~ -- configure /root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-6812-20b929560000}4791/bin/dash/bin/shroot 534500x800000000000000031151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.904{ec2a2542-2991-6254-784c-74f51d560000}4808/usr/bin/envroot 154100x800000000000000031153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.905{ec2a2542-2991-6254-e8ab-63b22e560000}4836/usr/bin/basename-----basename /usr/bin/dpkg-maintscript-helper/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-6812-b93d05560000}4835/bin/dash/bin/shroot 154100x800000000000000031155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.906{ec2a2542-2991-6254-70e1-ffd8ca550000}4837/usr/bin/dpkg-----dpkg --validate-version -- 2.1.8-1~/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-6812-b93d05560000}4835/bin/dash/bin/shroot 534500x800000000000000031154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.906{ec2a2542-2991-6254-e8ab-63b22e560000}4836/usr/bin/basenameroot 154100x800000000000000031158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.908{ec2a2542-2991-6254-9857-cf8586550000}4838/usr/bin/perl-----/usr/bin/perl /usr/sbin/update-rc.d binfmt-support defaults/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-6812-20b929560000}4791/bin/dash/bin/shroot 534500x800000000000000031157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.908{ec2a2542-2991-6254-6812-b93d05560000}4835/bin/dashroot 534500x800000000000000031156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.908{ec2a2542-2991-6254-70e1-ffd8ca550000}4837/usr/bin/dpkgroot 154100x800000000000000031159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.917{ec2a2542-2991-6254-d01c-65a6bf550000}4839/bin/systemctl-----systemctl daemon-reload/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-9857-cf8586550000}4838/usr/bin/perl/usr/bin/perlroot 23542300x800000000000000031178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunkd.service--- 23542300x800000000000000031177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/grub-common.service--- 23542300x800000000000000031176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/grub-common.service--- 23542300x800000000000000031175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/splunk.service--- 23542300x800000000000000031174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/apport.service--- 23542300x800000000000000031173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/grub-common.service--- 23542300x800000000000000031172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/splunk.service--- 23542300x800000000000000031171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/apport.service--- 23542300x800000000000000031170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/hibagent.service--- 23542300x800000000000000031169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunk.service--- 23542300x800000000000000031168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/apport.service--- 23542300x800000000000000031167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.early/multi-user.target.wants/cloud-init.target--- 23542300x800000000000000031166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/-.mount--- 23542300x800000000000000031165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.wants/systemd-fsck-root.service--- 23542300x800000000000000031164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.requires/-.mount--- 23542300x800000000000000031163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/multi-user.target.wants/systemd-networkd.service--- 23542300x800000000000000031162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/network-online.target.wants/systemd-networkd-wait-online.service--- 23542300x800000000000000031161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/netplan.stamp--- 23542300x800000000000000031160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.970{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/getty.target.wants/serial-getty@ttyS0.service--- 154100x800000000000000031179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.972{ec2a2542-2991-6254-38b3-a50623560000}4842/usr/lib/systemd/system-environment-generators/snapd-env-generator-----/usr/lib/systemd/system-environment-generators/snapd-env-generator/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4841--- 534500x800000000000000031181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.973{00000000-0000-0000-0000-000000000000}4841<unknown process>root 534500x800000000000000031180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.973{ec2a2542-2991-6254-38b3-a50623560000}4842/usr/lib/systemd/system-environment-generators/snapd-env-generatorroot 154100x800000000000000031182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.974{ec2a2542-2991-6254-6862-29b4cd550000}4844/bin/dash-----/bin/sh /lib/systemd/system-generators/cloud-init-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4843--- 154100x800000000000000031192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.975{ec2a2542-2991-6254-c0f5-e3c14c560000}4848/lib/systemd/system-generators/snapd-generator-----/lib/systemd/system-generators/snapd-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4843--- 154100x800000000000000031186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.975{ec2a2542-2991-6254-d059-e3745e550000}4849/bin/cat-----cat /proc/cmdline/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2991-6254-6862-a6862f560000}4845/bin/dash/bin/shroot 154100x800000000000000031185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.975{ec2a2542-2991-6254-98c7-29a06b550000}4847/lib/netplan/generate-----/lib/systemd/system-generators/netplan /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4843--- 154100x800000000000000031184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.975{ec2a2542-2991-6254-30dc-f8d469550000}4846/lib/systemd/system-generators/lvm2-activation-generator-----/lib/systemd/system-generators/lvm2-activation-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4843--- 154100x800000000000000031183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.975{ec2a2542-2991-6254-6862-a6862f560000}4845/bin/dash-----/bin/sh /lib/systemd/system-generators/friendly-recovery /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4843--- 154100x800000000000000031191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.976{ec2a2542-2991-6254-681c-da2d88550000}4852/lib/systemd/system-generators/systemd-debug-generator-----/lib/systemd/system-generators/systemd-debug-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4843--- 154100x800000000000000031189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.976{ec2a2542-2991-6254-b8ee-ec415d550000}4851/lib/systemd/system-generators/systemd-cryptsetup-generator-----/lib/systemd/system-generators/systemd-cryptsetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4843--- 534500x800000000000000031188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.976{ec2a2542-2991-6254-d059-e3745e550000}4849/bin/catroot 154100x800000000000000031187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.976{ec2a2542-2991-6254-78a6-9627e5550000}4850/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2991-6254-6862-29b4cd550000}4844/bin/dash/bin/shroot 154100x800000000000000031200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.977{ec2a2542-2991-6254-8826-08de18560000}4853/lib/systemd/system-generators/systemd-fstab-generator-----/lib/systemd/system-generators/systemd-fstab-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4843--- 534500x800000000000000031190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.977{ec2a2542-2991-6254-6862-a6862f560000}4845/bin/dashroot 154100x800000000000000031206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.978{ec2a2542-2991-6254-f09b-2df976550000}4855/lib/systemd/system-generators/systemd-gpt-auto-generator-----/lib/systemd/system-generators/systemd-gpt-auto-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4843--- 154100x800000000000000031199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.978{ec2a2542-2991-6254-d09e-9ee57f550000}4854/lib/systemd/system-generators/systemd-getty-generator-----/lib/systemd/system-generators/systemd-getty-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4843--- 23542300x800000000000000031195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.978{ec2a2542-2991-6254-98c7-29a06b550000}4847root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.network--- 23542300x800000000000000031194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.978{ec2a2542-2991-6254-98c7-29a06b550000}4847root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.link--- 534500x800000000000000031193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.978{ec2a2542-2991-6254-c0f5-e3c14c560000}4848/lib/systemd/system-generators/snapd-generatorroot 154100x800000000000000031208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.979{ec2a2542-2991-6254-a062-b55d4a560000}4858/lib/systemd/system-generators/systemd-rc-local-generator-----/lib/systemd/system-generators/systemd-rc-local-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4843--- 154100x800000000000000031207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.979{ec2a2542-2991-6254-38d3-3a2e90550000}4857/bin/udevadm-----/sbin/udevadm control --reload/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2991-6254-98c7-29a06b550000}4847/lib/netplan/generate/lib/systemd/system-generators/netplanroot 154100x800000000000000031202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.979{ec2a2542-2991-6254-8834-20e6d2550000}4856/lib/systemd/system-generators/systemd-hibernate-resume-generator-----/lib/systemd/system-generators/systemd-hibernate-resume-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4843--- 534500x800000000000000031198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.979{ec2a2542-2991-6254-78a6-9627e5550000}4850/usr/bin/systemd-detect-virtroot 23542300x800000000000000031197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.979{ec2a2542-2991-6254-98c7-29a06b550000}4847root/lib/netplan/generate/run/NetworkManager/conf.d/netplan.conf--- 23542300x800000000000000031196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.979{ec2a2542-2991-6254-98c7-29a06b550000}4847root/lib/netplan/generate//run/udev/rules.d/99-netplan-ens5.rules--- 154100x800000000000000031211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.980{ec2a2542-2991-6254-20a5-0c72ec550000}4859/lib/systemd/system-generators/systemd-system-update-generator-----/lib/systemd/system-generators/systemd-system-update-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4843--- 154100x800000000000000031209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.980{ec2a2542-2991-6254-d87c-79641e560000}4860/lib/systemd/system-generators/systemd-sysv-generator-----/lib/systemd/system-generators/systemd-sysv-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4843--- 154100x800000000000000031205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.980{ec2a2542-2991-6254-80d4-a32de6550000}4861/lib/systemd/system-generators/systemd-veritysetup-generator-----/lib/systemd/system-generators/systemd-veritysetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4843--- 534500x800000000000000031204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.980{ec2a2542-2991-6254-681c-da2d88550000}4852/lib/systemd/system-generators/systemd-debug-generatorroot 534500x800000000000000031203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.980{ec2a2542-2991-6254-30dc-f8d469550000}4846/lib/systemd/system-generators/lvm2-activation-generatorroot 534500x800000000000000031201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.980{ec2a2542-2991-6254-b8ee-ec415d550000}4851/lib/systemd/system-generators/systemd-cryptsetup-generatorroot 154100x800000000000000031212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.982{ec2a2542-2991-6254-78d6-7138c1550000}4862/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2991-6254-6862-29b4cd550000}4844/bin/dash/bin/shroot 534500x800000000000000031210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.982{ec2a2542-2991-6254-d09e-9ee57f550000}4854/lib/systemd/system-generators/systemd-getty-generatorroot 534500x800000000000000031213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.984{ec2a2542-2991-6254-8826-08de18560000}4853/lib/systemd/system-generators/systemd-fstab-generatorroot 534500x800000000000000031217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.985{ec2a2542-2991-6254-80d4-a32de6550000}4861/lib/systemd/system-generators/systemd-veritysetup-generatorroot 534500x800000000000000031216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.985{ec2a2542-2991-6254-98c7-29a06b550000}4847/lib/netplan/generateroot 534500x800000000000000031215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.985{ec2a2542-2991-6254-8834-20e6d2550000}4856/lib/systemd/system-generators/systemd-hibernate-resume-generatorroot 534500x800000000000000031214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.985{ec2a2542-2991-6254-38d3-3a2e90550000}4857/bin/udevadmroot 534500x800000000000000031220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.986{ec2a2542-2991-6254-78d6-7138c1550000}4862/usr/bin/systemd-detect-virtroot 534500x800000000000000031219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.986{ec2a2542-2991-6254-20a5-0c72ec550000}4859/lib/systemd/system-generators/systemd-system-update-generatorroot 924900x800000000000000031218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.986{ec2a2542-2991-6254-f09b-2df976550000}4855/lib/systemd/system-generators/systemd-gpt-auto-generator/dev/nvme0n1root 154100x800000000000000031222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.987{ec2a2542-2991-6254-68e2-e7bc75550000}4863/bin/dash-----/bin/sh /usr/lib/cloud-init/ds-identify/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2991-6254-6862-29b4cd550000}4844/bin/dash/bin/shroot 534500x800000000000000031221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.987{ec2a2542-2991-6254-a062-b55d4a560000}4858/lib/systemd/system-generators/systemd-rc-local-generatorroot 534500x800000000000000031223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.988{ec2a2542-2991-6254-f09b-2df976550000}4855/lib/systemd/system-generators/systemd-gpt-auto-generatorroot 154100x800000000000000031225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.989{ec2a2542-2991-6254-78af-8fdc68550000}4864/bin/mkdir-----mkdir -p /run/systemd/generator.early/multi-user.target.wants/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2991-6254-6862-29b4cd550000}4844/bin/dash/bin/shroot 534500x800000000000000031224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.989{ec2a2542-2991-6254-68e2-e7bc75550000}4863/bin/dashroot 154100x800000000000000031227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.991{ec2a2542-2991-6254-988d-df7d66550000}4865/bin/ln-----ln -snf /lib/systemd/system/cloud-init.target /run/systemd/generator.early/multi-user.target.wants/cloud-init.target/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2991-6254-6862-29b4cd550000}4844/bin/dash/bin/shroot 534500x800000000000000031226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.991{ec2a2542-2991-6254-78af-8fdc68550000}4864/bin/mkdirroot 534500x800000000000000031229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.992{ec2a2542-2991-6254-6862-29b4cd550000}4844/bin/dashroot 534500x800000000000000031228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:53.992{ec2a2542-2991-6254-988d-df7d66550000}4865/bin/lnroot 534500x800000000000000031230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.002{ec2a2542-2991-6254-d87c-79641e560000}4860/lib/systemd/system-generators/systemd-sysv-generatorroot 534500x800000000000000031231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.003{ec2a2542-2991-6254-0000-000000000000}4843-root 534500x800000000000000031232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.091{ec2a2542-2991-6254-d01c-65a6bf550000}4839/bin/systemctlroot 154100x800000000000000031234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.092{ec2a2542-2992-6254-6862-0f7c7b550000}4866/bin/dash-----/bin/sh /usr/sbin/invoke-rc.d binfmt-support start/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-6812-20b929560000}4791/bin/dash/bin/shroot 534500x800000000000000031233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.092{ec2a2542-2991-6254-9857-cf8586550000}4838/usr/bin/perlroot 154100x800000000000000031235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.094{ec2a2542-2992-6254-d03c-250d22560000}4867/bin/systemctl-----/sbin/runlevel/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-6862-0f7c7b550000}4866/bin/dash/bin/shroot 154100x800000000000000031237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.097{ec2a2542-2992-6254-d0cc-26153e560000}4868/bin/systemctl-----systemctl --quiet is-enabled binfmt-support.service/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-6862-0f7c7b550000}4866/bin/dash/bin/shroot 534500x800000000000000031236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.097{ec2a2542-2992-6254-d03c-250d22560000}4867/bin/systemctlroot 534500x800000000000000031238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.103{ec2a2542-2992-6254-d0cc-26153e560000}4868/bin/systemctlroot 154100x800000000000000031239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.104{ec2a2542-2992-6254-d0bc-fc20db550000}4869/bin/systemctl-----systemctl daemon-reload/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-6862-0f7c7b550000}4866/bin/dash/bin/shroot 23542300x800000000000000031258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunkd.service--- 23542300x800000000000000031257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/splunk.service--- 23542300x800000000000000031256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/splunk.service--- 23542300x800000000000000031255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/apport.service--- 23542300x800000000000000031254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/multi-user.target.wants/grub-common.service--- 23542300x800000000000000031253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/splunk.service--- 23542300x800000000000000031252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/apport.service--- 23542300x800000000000000031251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/graphical.target.wants/grub-common.service--- 23542300x800000000000000031250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/apport.service--- 23542300x800000000000000031249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/hibagent.service--- 23542300x800000000000000031248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.late/grub-common.service--- 23542300x800000000000000031247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator.early/multi-user.target.wants/cloud-init.target--- 23542300x800000000000000031246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/getty.target.wants/serial-getty@ttyS0.service--- 23542300x800000000000000031245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/-.mount--- 23542300x800000000000000031244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.wants/systemd-fsck-root.service--- 23542300x800000000000000031243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/local-fs.target.requires/-.mount--- 23542300x800000000000000031242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/multi-user.target.wants/systemd-networkd.service--- 23542300x800000000000000031241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/network-online.target.wants/systemd-networkd-wait-online.service--- 23542300x800000000000000031240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.157{ec2a2542-0ff1-6254-58a9-8a1e10560000}1root/lib/systemd/systemd/run/systemd/generator/netplan.stamp--- 154100x800000000000000031259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.159{ec2a2542-2992-6254-3863-7ba601560000}4871/usr/lib/systemd/system-environment-generators/snapd-env-generator-----/usr/lib/systemd/system-environment-generators/snapd-env-generator/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4870--- 534500x800000000000000031260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.160{ec2a2542-2992-6254-3863-7ba601560000}4871/usr/lib/systemd/system-environment-generators/snapd-env-generatorroot 534500x800000000000000031261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.162{ec2a2542-2991-6254-0000-000000000000}4870-root 154100x800000000000000031280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.163{ec2a2542-2992-6254-6872-082578550000}4874/bin/dash-----/bin/sh /lib/systemd/system-generators/friendly-recovery /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4872--- 154100x800000000000000031278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.163{ec2a2542-2992-6254-301c-e42b05560000}4875/lib/systemd/system-generators/lvm2-activation-generator-----/lib/systemd/system-generators/lvm2-activation-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4872--- 154100x800000000000000031262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.163{ec2a2542-2992-6254-6832-d55b62550000}4873/bin/dash-----/bin/sh /lib/systemd/system-generators/cloud-init-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4872--- 154100x800000000000000031283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.164{ec2a2542-2992-6254-b8ce-48810b560000}4879/lib/systemd/system-generators/systemd-cryptsetup-generator-----/lib/systemd/system-generators/systemd-cryptsetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4872--- 154100x800000000000000031265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.164{ec2a2542-2992-6254-7866-511725560000}4878/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2992-6254-6832-d55b62550000}4873/bin/dash/bin/shroot 154100x800000000000000031264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.164{ec2a2542-2992-6254-c075-28a244560000}4877/lib/systemd/system-generators/snapd-generator-----/lib/systemd/system-generators/snapd-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4872--- 154100x800000000000000031263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.164{ec2a2542-2992-6254-98d7-c221de550000}4876/lib/netplan/generate-----/lib/systemd/system-generators/netplan /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4872--- 154100x800000000000000031276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.165{ec2a2542-2992-6254-d0be-cfdf95550000}4882/lib/systemd/system-generators/systemd-getty-generator-----/lib/systemd/system-generators/systemd-getty-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4872--- 154100x800000000000000031269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.165{ec2a2542-2992-6254-682c-30fced550000}4880/lib/systemd/system-generators/systemd-debug-generator-----/lib/systemd/system-generators/systemd-debug-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4872--- 154100x800000000000000031267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.165{ec2a2542-2992-6254-88c6-8559dc550000}4881/lib/systemd/system-generators/systemd-fstab-generator-----/lib/systemd/system-generators/systemd-fstab-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4872--- 154100x800000000000000031292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.166{ec2a2542-2992-6254-a0d2-bb94c4550000}4885/lib/systemd/system-generators/systemd-rc-local-generator-----/lib/systemd/system-generators/systemd-rc-local-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4872--- 154100x800000000000000031277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.166{ec2a2542-2992-6254-88b4-9d28c4550000}4884/lib/systemd/system-generators/systemd-hibernate-resume-generator-----/lib/systemd/system-generators/systemd-hibernate-resume-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4872--- 154100x800000000000000031274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.166{ec2a2542-2992-6254-f07b-618482550000}4883/lib/systemd/system-generators/systemd-gpt-auto-generator-----/lib/systemd/system-generators/systemd-gpt-auto-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4872--- 534500x800000000000000031266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.166{ec2a2542-2992-6254-c075-28a244560000}4877/lib/systemd/system-generators/snapd-generatorroot 154100x800000000000000031294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.167{ec2a2542-2992-6254-d8cc-452a43560000}4887/lib/systemd/system-generators/systemd-sysv-generator-----/lib/systemd/system-generators/systemd-sysv-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4872--- 154100x800000000000000031287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.167{ec2a2542-2992-6254-2025-e2b2b3550000}4886/lib/systemd/system-generators/systemd-system-update-generator-----/lib/systemd/system-generators/systemd-system-update-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4872--- 23542300x800000000000000031268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.167{ec2a2542-2992-6254-98d7-c221de550000}4876root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.link--- 534500x800000000000000031273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.168{ec2a2542-2992-6254-7866-511725560000}4878/usr/bin/systemd-detect-virtroot 154100x800000000000000031272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.168{ec2a2542-2992-6254-8004-3f5340560000}4888/lib/systemd/system-generators/systemd-veritysetup-generator-----/lib/systemd/system-generators/systemd-veritysetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}4872--- 23542300x800000000000000031271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.168{ec2a2542-2992-6254-98d7-c221de550000}4876root/lib/netplan/generate//run/udev/rules.d/99-netplan-ens5.rules--- 23542300x800000000000000031270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.168{ec2a2542-2992-6254-98d7-c221de550000}4876root/lib/netplan/generate//run/systemd/network/10-netplan-ens5.network--- 154100x800000000000000031295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.169{ec2a2542-2992-6254-38a3-66f230560000}4890/bin/udevadm-----/sbin/udevadm control --reload/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2992-6254-98d7-c221de550000}4876/lib/netplan/generate/lib/systemd/system-generators/netplanroot 154100x800000000000000031285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.169{ec2a2542-2992-6254-78a6-cb3a96550000}4889/usr/bin/systemd-detect-virt-----systemd-detect-virt --container --quiet/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2992-6254-6832-d55b62550000}4873/bin/dash/bin/shroot 23542300x800000000000000031275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.169{ec2a2542-2992-6254-98d7-c221de550000}4876root/lib/netplan/generate/run/NetworkManager/conf.d/netplan.conf--- 154100x800000000000000031282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.172{ec2a2542-2992-6254-d0a9-a27f31560000}4891/bin/cat-----cat /proc/cmdline/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2992-6254-6872-082578550000}4874/bin/dash/bin/shroot 534500x800000000000000031281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.172{ec2a2542-2992-6254-8004-3f5340560000}4888/lib/systemd/system-generators/systemd-veritysetup-generatorroot 534500x800000000000000031279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.172{ec2a2542-2992-6254-88c6-8559dc550000}4881/lib/systemd/system-generators/systemd-fstab-generatorroot 924900x800000000000000031286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.173{ec2a2542-2992-6254-f07b-618482550000}4883/lib/systemd/system-generators/systemd-gpt-auto-generator/dev/nvme0n1root 534500x800000000000000031284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.173{ec2a2542-2992-6254-d0be-cfdf95550000}4882/lib/systemd/system-generators/systemd-getty-generatorroot 534500x800000000000000031291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.174{ec2a2542-2992-6254-682c-30fced550000}4880/lib/systemd/system-generators/systemd-debug-generatorroot 534500x800000000000000031290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.174{ec2a2542-2992-6254-6872-082578550000}4874/bin/dashroot 534500x800000000000000031289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.174{ec2a2542-2992-6254-88b4-9d28c4550000}4884/lib/systemd/system-generators/systemd-hibernate-resume-generatorroot 534500x800000000000000031288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.174{ec2a2542-2992-6254-d0a9-a27f31560000}4891/bin/catroot 534500x800000000000000031293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.175{ec2a2542-2992-6254-f07b-618482550000}4883/lib/systemd/system-generators/systemd-gpt-auto-generatorroot 534500x800000000000000031297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.176{ec2a2542-2992-6254-b8ce-48810b560000}4879/lib/systemd/system-generators/systemd-cryptsetup-generatorroot 534500x800000000000000031296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.176{ec2a2542-2992-6254-78a6-cb3a96550000}4889/usr/bin/systemd-detect-virtroot 534500x800000000000000031300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.177{ec2a2542-2992-6254-38a3-66f230560000}4890/bin/udevadmroot 534500x800000000000000031299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.177{ec2a2542-2992-6254-2025-e2b2b3550000}4886/lib/systemd/system-generators/systemd-system-update-generatorroot 154100x800000000000000031298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.177{ec2a2542-2992-6254-68a2-56d72b560000}4892/bin/dash-----/bin/sh /usr/lib/cloud-init/ds-identify/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2992-6254-6832-d55b62550000}4873/bin/dash/bin/shroot 534500x800000000000000031302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.178{ec2a2542-2992-6254-98d7-c221de550000}4876/lib/netplan/generateroot 534500x800000000000000031301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.178{ec2a2542-2992-6254-a0d2-bb94c4550000}4885/lib/systemd/system-generators/systemd-rc-local-generatorroot 154100x800000000000000031305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.179{ec2a2542-2992-6254-786f-0d867f550000}4893/bin/mkdir-----mkdir -p /run/systemd/generator.early/multi-user.target.wants/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2992-6254-6832-d55b62550000}4873/bin/dash/bin/shroot 534500x800000000000000031304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.179{ec2a2542-2992-6254-68a2-56d72b560000}4892/bin/dashroot 534500x800000000000000031303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.179{ec2a2542-2992-6254-301c-e42b05560000}4875/lib/systemd/system-generators/lvm2-activation-generatorroot 154100x800000000000000031307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.180{ec2a2542-2992-6254-98ad-b61024560000}4894/bin/ln-----ln -snf /lib/systemd/system/cloud-init.target /run/systemd/generator.early/multi-user.target.wants/cloud-init.target/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-2992-6254-6832-d55b62550000}4873/bin/dash/bin/shroot 534500x800000000000000031306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.180{ec2a2542-2992-6254-786f-0d867f550000}4893/bin/mkdirroot 534500x800000000000000031308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.181{ec2a2542-2992-6254-98ad-b61024560000}4894/bin/lnroot 534500x800000000000000031309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.182{ec2a2542-2992-6254-6832-d55b62550000}4873/bin/dashroot 534500x800000000000000031310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.195{ec2a2542-2992-6254-d8cc-452a43560000}4887/lib/systemd/system-generators/systemd-sysv-generatorroot 534500x800000000000000031311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.196{ec2a2542-2991-6254-0000-000000000000}4872-root 154100x800000000000000031313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.276{ec2a2542-2992-6254-d09c-0f9442560000}4895/bin/systemctl-----systemctl -p LoadState show binfmt-support.service/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-6862-0f7c7b550000}4866/bin/dash/bin/shroot 534500x800000000000000031312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.276{ec2a2542-2992-6254-d0bc-fc20db550000}4869/bin/systemctlroot 154100x800000000000000031315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.283{ec2a2542-2992-6254-d0dc-7d93b6550000}4896/bin/systemctl-----systemctl --quiet is-active multi-user.target/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-6862-0f7c7b550000}4866/bin/dash/bin/shroot 534500x800000000000000031314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.283{ec2a2542-2992-6254-d09c-0f9442560000}4895/bin/systemctlroot 154100x800000000000000031317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.288{ec2a2542-2992-6254-d0cc-17b202560000}4897/bin/systemctl-----systemctl start binfmt-support.service/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-6862-0f7c7b550000}4866/bin/dash/bin/shroot 534500x800000000000000031316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.288{ec2a2542-2992-6254-d0dc-7d93b6550000}4896/bin/systemctlroot 154100x800000000000000031318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.291{ec2a2542-2992-6254-5806-781b02560000}4898/bin/systemd-tty-ask-password-agent-----/bin/systemd-tty-ask-password-agent --watch/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-d0cc-17b202560000}4897/bin/systemctlsystemctlroot 154100x800000000000000031319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.293{ec2a2542-2992-6254-683f-7a3ec8550000}4899/usr/sbin/update-binfmts-----/usr/sbin/update-binfmts --enable/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{ec2a2542-0ff1-6254-58a9-8a1e10560000}1/lib/systemd/systemd/sbin/initroot 23542300x800000000000000031321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.296{ec2a2542-0ff8-6254-c88a-1cbc6c550000}452root/lib/systemd/systemd-journald/run/systemd/journal/streams/9:38782--- 534500x800000000000000031320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.296{ec2a2542-2992-6254-683f-7a3ec8550000}4899/usr/sbin/update-binfmtsroot 534500x800000000000000031323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.304{ec2a2542-2992-6254-d0cc-17b202560000}4897/bin/systemctlroot 534500x800000000000000031322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.304{ec2a2542-2992-6254-5806-781b02560000}4898/bin/systemd-tty-ask-password-agentroot 534500x800000000000000031325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.305{ec2a2542-2991-6254-6812-20b929560000}4791/bin/dashroot 534500x800000000000000031324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.305{ec2a2542-2992-6254-6862-0f7c7b550000}4866/bin/dashroot 534500x800000000000000031332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.310{00000000-0000-0000-0000-000000000000}4905<unknown process>root 534500x800000000000000031331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.310{00000000-0000-0000-0000-000000000000}4901<unknown process>root 534500x800000000000000031330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.310{00000000-0000-0000-0000-000000000000}4904<unknown process>root 534500x800000000000000031329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.310{00000000-0000-0000-0000-000000000000}4903<unknown process>root 534500x800000000000000031328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.310{00000000-0000-0000-0000-000000000000}4900<unknown process>root 534500x800000000000000031327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.310{ec2a2542-2991-6254-0000-000000000000}4902-root 23542300x800000000000000031326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.310{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x800000000000000031333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.311{ec2a2542-2992-6254-0000-000000000000}4906-root 534500x800000000000000031335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.352{ec2a2542-2992-6254-0000-000000000000}4913-root 23542300x800000000000000031334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.352{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x800000000000000031340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.353{ec2a2542-2992-6254-0000-000000000000}4912-root 534500x800000000000000031339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.353{00000000-0000-0000-0000-000000000000}4908<unknown process>root 534500x800000000000000031338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.353{00000000-0000-0000-0000-000000000000}4914<unknown process>root 534500x800000000000000031337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.353{ec2a2542-2992-6254-0000-000000000000}4910-root 534500x800000000000000031336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.353{ec2a2542-2992-6254-0000-000000000000}4909-root 534500x800000000000000031341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.354{ec2a2542-2992-6254-0000-000000000000}4911-root 154100x800000000000000031342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.424{ec2a2542-2992-6254-6832-821148560000}4916/bin/dash-----/bin/sh /var/lib/dpkg/info/libgstreamer1.0-0:amd64.postinst configure /root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-7091-3f7926560000}4790/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000031343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.425{ec2a2542-2992-6254-8067-e8789d550000}4917/sbin/setcap-----setcap cap_net_bind_service,cap_net_admin+ep /usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-ptp-helper/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-6832-821148560000}4916/bin/dash/bin/shroot 534500x800000000000000031345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.426{ec2a2542-2992-6254-6832-821148560000}4916/bin/dashroot 534500x800000000000000031344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.426{ec2a2542-2992-6254-8067-e8789d550000}4917/sbin/setcaproot 354300x800000000000000031346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.640{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54752-false10.0.1.12-8000- 154100x800000000000000031347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.808{ec2a2542-2992-6254-6812-24cfd2550000}4918/bin/dash-----/bin/sh /var/lib/dpkg/info/libogg0:amd64.postinst configure /root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-7091-3f7926560000}4790/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000031348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.809{ec2a2542-2992-6254-6872-a315e7550000}4919/bin/dash-----/bin/sh /sbin/ldconfig/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-6812-24cfd2550000}4918/bin/dash/bin/shroot 154100x800000000000000031349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.810{ec2a2542-2992-6254-48b2-aacc3d560000}4920/usr/bin/dpkg-trigger-----dpkg-trigger --check-supported/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-6872-a315e7550000}4919/bin/dash/bin/shroot 154100x800000000000000031351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.812{ec2a2542-2992-6254-48b2-ac2664550000}4921/usr/bin/dpkg-trigger-----dpkg-trigger --no-await ldconfig/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-6872-a315e7550000}4919/bin/dash/bin/shroot 534500x800000000000000031350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.812{ec2a2542-2992-6254-48b2-aacc3d560000}4920/usr/bin/dpkg-triggerroot 534500x800000000000000031352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.815{ec2a2542-2992-6254-48b2-ac2664550000}4921/usr/bin/dpkg-triggerroot 534500x800000000000000031354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.816{ec2a2542-2992-6254-6812-24cfd2550000}4918/bin/dashroot 534500x800000000000000031353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.816{ec2a2542-2992-6254-6872-a315e7550000}4919/bin/dashroot 154100x800000000000000031355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.905{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash-----/bin/sh /var/lib/dpkg/info/qemu-user-static.postinst configure /root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2991-6254-7091-3f7926560000}4790/usr/bin/dpkg/usr/bin/dpkgroot 154100x800000000000000031356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.906{ec2a2542-2992-6254-50ec-2d0d28560000}4923/bin/grep-----grep -zqs ^container= /proc/1/environ/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 154100x800000000000000031358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.908{ec2a2542-2992-6254-681f-b67905560000}4924/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-aarch64 /usr/bin/qemu-aarch64-static --magic \x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00 --mask \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.908{ec2a2542-2992-6254-50ec-2d0d28560000}4923/bin/greproot 154100x800000000000000031360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.909{ec2a2542-2992-6254-684f-89e6d1550000}4925/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-alpha /usr/bin/qemu-alpha-static --magic \x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90 --mask \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.909{ec2a2542-2992-6254-681f-b67905560000}4924/usr/sbin/update-binfmtsroot 154100x800000000000000031362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.910{ec2a2542-2992-6254-68ef-a7cada550000}4926/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-arm /usr/bin/qemu-arm-static --magic \x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00 --mask \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.910{ec2a2542-2992-6254-684f-89e6d1550000}4925/usr/sbin/update-binfmtsroot 154100x800000000000000031364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.911{ec2a2542-2992-6254-685f-5f8ee6550000}4927/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-armeb /usr/bin/qemu-armeb-static --magic \x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28 --mask \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.911{ec2a2542-2992-6254-68ef-a7cada550000}4926/usr/sbin/update-binfmtsroot 154100x800000000000000031366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.912{ec2a2542-2992-6254-68ef-0fb479550000}4928/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-cris /usr/bin/qemu-cris-static --magic \x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x4c\x00 --mask \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.912{ec2a2542-2992-6254-685f-5f8ee6550000}4927/usr/sbin/update-binfmtsroot 154100x800000000000000031368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.913{ec2a2542-2992-6254-684f-19f36d550000}4929/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-m68k /usr/bin/qemu-m68k-static --magic \x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x04 --mask \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.913{ec2a2542-2992-6254-68ef-0fb479550000}4928/usr/sbin/update-binfmtsroot 154100x800000000000000031370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.914{ec2a2542-2992-6254-687f-2d4ca9550000}4930/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-microblaze /usr/bin/qemu-microblaze-static --magic \x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\xba\xab --mask \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.914{ec2a2542-2992-6254-684f-19f36d550000}4929/usr/sbin/update-binfmtsroot 154100x800000000000000031372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.915{ec2a2542-2992-6254-689f-7f82a9550000}4931/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-mips /usr/bin/qemu-mips-static --magic \x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08 --mask \xff\xff\xff\xff\xff\xff\xff\x00\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.915{ec2a2542-2992-6254-687f-2d4ca9550000}4930/usr/sbin/update-binfmtsroot 154100x800000000000000031374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.916{ec2a2542-2992-6254-683f-172989550000}4932/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-mipsel /usr/bin/qemu-mipsel-static --magic \x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00 --mask \xff\xff\xff\xff\xff\xff\xff\x00\xfe\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.916{ec2a2542-2992-6254-689f-7f82a9550000}4931/usr/sbin/update-binfmtsroot 154100x800000000000000031376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.917{ec2a2542-2992-6254-68ef-04198a550000}4933/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-mips64 /usr/bin/qemu-mips64-static --magic \x7f\x45\x4c\x46\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08 --mask \xff\xff\xff\xff\xff\xff\xff\x00\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.917{ec2a2542-2992-6254-683f-172989550000}4932/usr/sbin/update-binfmtsroot 154100x800000000000000031378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.918{ec2a2542-2992-6254-681f-f5a293550000}4934/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-mips64el /usr/bin/qemu-mips64el-static --magic \x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00 --mask \xff\xff\xff\xff\xff\xff\xff\x00\xfe\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.918{ec2a2542-2992-6254-68ef-04198a550000}4933/usr/sbin/update-binfmtsroot 154100x800000000000000031380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.920{ec2a2542-2992-6254-681f-52fb69550000}4935/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-ppc /usr/bin/qemu-ppc-static --magic \x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14 --mask \xff\xff\xff\xff\xff\xff\xff\xfc\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.920{ec2a2542-2992-6254-681f-f5a293550000}4934/usr/sbin/update-binfmtsroot 154100x800000000000000031382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.921{ec2a2542-2992-6254-68bf-c97cb2550000}4936/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-ppc64 /usr/bin/qemu-ppc64-static --magic \x7f\x45\x4c\x46\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15 --mask \xff\xff\xff\xff\xff\xff\xff\xfc\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.921{ec2a2542-2992-6254-681f-52fb69550000}4935/usr/sbin/update-binfmtsroot 154100x800000000000000031384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.922{ec2a2542-2992-6254-680f-b36fd6550000}4937/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-ppc64abi32 /usr/bin/qemu-ppc64abi32-static --magic \x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15 --mask \xff\xff\xff\xff\xff\xff\xff\xfc\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.922{ec2a2542-2992-6254-68bf-c97cb2550000}4936/usr/sbin/update-binfmtsroot 154100x800000000000000031386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.923{ec2a2542-2992-6254-682f-7ae85c550000}4938/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-ppc64le /usr/bin/qemu-ppc64le-static --magic \x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15\x00 --mask \xff\xff\xff\xff\xff\xff\xff\xfc\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\x00 --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.923{ec2a2542-2992-6254-680f-b36fd6550000}4937/usr/sbin/update-binfmtsroot 534500x800000000000000031387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.924{ec2a2542-2992-6254-682f-7ae85c550000}4938/usr/sbin/update-binfmtsroot 154100x800000000000000031388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.925{ec2a2542-2992-6254-682f-0d1d4d560000}4939/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-s390x /usr/bin/qemu-s390x-static --magic \x7f\x45\x4c\x46\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16 --mask \xff\xff\xff\xff\xff\xff\xff\xfc\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 154100x800000000000000031390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.926{ec2a2542-2992-6254-68cf-460c35560000}4940/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-sh4 /usr/bin/qemu-sh4-static --magic \x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00 --mask \xff\xff\xff\xff\xff\xff\xff\xfc\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.926{ec2a2542-2992-6254-682f-0d1d4d560000}4939/usr/sbin/update-binfmtsroot 154100x800000000000000031392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.927{ec2a2542-2992-6254-686f-c388d8550000}4941/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-sh4eb /usr/bin/qemu-sh4eb-static --magic \x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a --mask \xff\xff\xff\xff\xff\xff\xff\xfc\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.927{ec2a2542-2992-6254-68cf-460c35560000}4940/usr/sbin/update-binfmtsroot 154100x800000000000000031394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.928{ec2a2542-2992-6254-689f-f78b50560000}4942/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-sparc /usr/bin/qemu-sparc-static --magic \x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02 --mask \xff\xff\xff\xff\xff\xff\xff\xfc\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.928{ec2a2542-2992-6254-686f-c388d8550000}4941/usr/sbin/update-binfmtsroot 154100x800000000000000031396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.929{ec2a2542-2992-6254-68ef-dcb17d550000}4943/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-sparc32plus /usr/bin/qemu-sparc32plus-static --magic \x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x12 --mask \xff\xff\xff\xff\xff\xff\xff\xfc\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff --offset 0 --credential yes/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2992-6254-68d2-bb8d2a560000}4922/bin/dash/bin/shroot 534500x800000000000000031395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.929{ec2a2542-2992-6254-689f-f78b50560000}4942/usr/sbin/update-binfmtsroot 534500x800000000000000031397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.930{ec2a2542-2992-6254-68ef-dcb17d550000}4943/usr/sbin/update-binfmtsroot 154100x800000000000000031398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:54.931{ec2a2542-2992-6254-68ff-b87839560000}4944/usr/sbin/update-binfmts-----update-binfmts --package qemu-user-static --install qemu-sparc64 /usr/bin/qemu-sparc64-static --magic \x7f\x45\x4c\x46\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2b --