354300x800000000000000026090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:19.783{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54584-false10.0.1.12-8000-
354300x800000000000000026091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:23.286{ec2a2542-1080-6254-602c-d54703560000}1780/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-34296-false10.0.1.12-8089-
354300x800000000000000026092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:25.650{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54588-false10.0.1.12-8000-
354300x800000000000000026093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:30.676{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54590-false10.0.1.12-8000-
154100x800000000000000026094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:31.560{ec2a2542-2813-6254-68a4-1af27c550000}2544/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}938---
534500x800000000000000026095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:31.571{ec2a2542-2813-6254-68a4-1af27c550000}2544/bin/psroot
23542300x800000000000000026096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:31.815{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log---
354300x800000000000000026097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:35.815{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54592-false10.0.1.12-8000-
354300x800000000000000026098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:41.689{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54594-false10.0.1.12-8000-
354300x800000000000000026099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:46.759{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54596-false10.0.1.12-8000-
354300x800000000000000026100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:52.693{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54598-false10.0.1.12-8000-
354300x800000000000000026101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:07:57.749{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54600-false10.0.1.12-8000-
23542300x800000000000000026102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:01.814{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log---
354300x800000000000000026103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:02.803{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54602-false10.0.1.12-8000-
354300x800000000000000026104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:08.599{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54604-false10.0.1.12-8000-
354300x800000000000000026105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:13.645{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54606-false10.0.1.12-8000-
354300x800000000000000026106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:18.813{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54608-false10.0.1.12-8000-
354300x800000000000000026107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:23.291{ec2a2542-1080-6254-602c-d54703560000}1780/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-34320-false10.0.1.12-8089-
354300x800000000000000026108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:24.642{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54612-false10.0.1.12-8000-
354300x800000000000000026109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:29.741{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54614-false10.0.1.12-8000-
23542300x800000000000000026110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:31.816{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log---
154100x800000000000000026111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:32.573{ec2a2542-2850-6254-68a4-7d491f560000}2545/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}938---
534500x800000000000000026112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:32.590{ec2a2542-2850-6254-68a4-7d491f560000}2545/bin/psroot
354300x800000000000000026113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:34.779{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54616-false10.0.1.12-8000-
354300x800000000000000026114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:40.625{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54618-false10.0.1.12-8000-
354300x800000000000000026115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:45.818{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54620-false10.0.1.12-8000-
354300x800000000000000026116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:51.693{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54622-false10.0.1.12-8000-
354300x800000000000000026117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:08:56.776{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54624-false10.0.1.12-8000-
23542300x800000000000000026118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:01.813{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log---
354300x800000000000000026119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:02.605{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54626-false10.0.1.12-8000-
354300x800000000000000026120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:07.684{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54628-false10.0.1.12-8000-
354300x800000000000000026121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:13.677{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54630-false10.0.1.12-8000-
354300x800000000000000026122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:19.626{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54632-false10.0.1.12-8000-
354300x800000000000000026123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:23.295{ec2a2542-1080-6254-602c-d54703560000}1780/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-34344-false10.0.1.12-8089-
354300x800000000000000026124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:24.670{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54636-false10.0.1.12-8000-
354300x800000000000000026125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:30.665{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54638-false10.0.1.12-8000-
23542300x800000000000000026126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:31.814{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log---
154100x800000000000000026127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:33.650{ec2a2542-288d-6254-6874-b67dda550000}2546/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}938---
534500x800000000000000026128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:33.660{ec2a2542-288d-6254-6874-b67dda550000}2546/bin/psroot
354300x800000000000000026129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:35.667{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54640-false10.0.1.12-8000-
354300x800000000000000026130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:40.757{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54642-false10.0.1.12-8000-
534500x800000000000000026131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:45.241{ec2a2542-0ff8-6254-c88a-1cbc6c550000}452/lib/systemd/systemd-journaldroot
354300x800000000000000026132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:45.827{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54644-false10.0.1.12-8000-
354300x800000000000000026133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:51.664{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54646-false10.0.1.12-8000-
354300x800000000000000026134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:09:56.664{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54648-false10.0.1.12-8000-
354300x800000000000000026135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:01.704{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54650-false10.0.1.12-8000-
23542300x800000000000000026136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:01.815{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log---
354300x800000000000000026137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:06.760{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54652-false10.0.1.12-8000-
354300x800000000000000026138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:12.720{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54654-false10.0.1.12-8000-
354300x800000000000000026139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:17.726{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54656-false10.0.1.12-8000-
354300x800000000000000026140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:23.301{ec2a2542-1080-6254-602c-d54703560000}1780/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-34368-false10.0.1.12-8089-
354300x800000000000000026141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:23.708{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54660-false10.0.1.12-8000-
354300x800000000000000026142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:29.614{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54662-false10.0.1.12-8000-
23542300x800000000000000026143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:31.770{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log---
354300x800000000000000026144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:34.633{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54664-false10.0.1.12-8000-
154100x800000000000000026145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:34.662{ec2a2542-28ca-6254-68c4-b80a29560000}2548/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}938---
534500x800000000000000026146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:34.673{ec2a2542-28ca-6254-68c4-b80a29560000}2548/bin/psroot
354300x800000000000000026147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:39.749{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54666-false10.0.1.12-8000-
354300x800000000000000026148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:45.705{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54668-false10.0.1.12-8000-
354300x800000000000000026149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:50.707{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54670-false10.0.1.12-8000-
354300x800000000000000026150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:10:56.649{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54672-false10.0.1.12-8000-
23542300x800000000000000026151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:01.691{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log---
354300x800000000000000026152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:01.793{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54674-false10.0.1.12-8000-
354300x800000000000000026153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:07.633{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54676-false10.0.1.12-8000-
354300x800000000000000026154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:12.638{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54678-false10.0.1.12-8000-
354300x800000000000000026155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:17.757{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54680-false10.0.1.12-8000-
354300x800000000000000026156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:22.763{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54682-false10.0.1.12-8000-
354300x800000000000000026157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:23.316{ec2a2542-1080-6254-602c-d54703560000}1780/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-34394-false10.0.1.12-8089-
354300x800000000000000026158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:23.663{ec2a2542-0ffd-6254-e0d7-7e6a46560000}1010/usr/sbin/sshdroottcpfalsefalse10.0.1.14-63205-false10.0.1.20-22-
154100x800000000000000026159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:23.664{ec2a2542-28fb-6254-e0e7-64420e560000}2549/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1010---
23542300x800000000000000026161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.365{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue---
534500x800000000000000026160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.365{00000000-0000-0000-0000-000000000000}2550<unknown process>sshd
534500x800000000000000026162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.366{00000000-0000-0000-0000-000000000000}2551<unknown process>root
154100x800000000000000026163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.383{ec2a2542-28fe-6254-5819-477f1c560000}2552/lib/systemd/systemd-----/lib/systemd/systemd --user/ubuntu{ec2a2542-0000-0000-e803-000000000000}10003no level-{ec2a2542-0ff1-6254-58a9-8a1e10560000}1/lib/systemd/systemd/sbin/initroot
534500x800000000000000026171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.398{00000000-0000-0000-0000-000000000000}2554<unknown process>root
534500x800000000000000026169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.398{ec2a2542-28fe-6254-0000-000000000000}2562-root
534500x800000000000000026167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.398{ec2a2542-28fe-6254-0000-000000000000}2558-root
534500x800000000000000026166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.398{ec2a2542-28fe-6254-0000-000000000000}2556-root
534500x800000000000000026165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.398{ec2a2542-28fe-6254-0000-000000000000}2555-root
23542300x800000000000000026164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.398{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue---
534500x800000000000000026173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.399{00000000-0000-0000-0000-000000000000}2559<unknown process>root
534500x800000000000000026172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.399{00000000-0000-0000-0000-000000000000}2553<unknown process>root
534500x800000000000000026170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.399{ec2a2542-28fe-6254-0000-000000000000}2561-root
534500x800000000000000026168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.399{ec2a2542-28fe-6254-0000-000000000000}2560-root
154100x800000000000000026174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.401{ec2a2542-28fe-6254-d0a2-94eed3550000}2568/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator-----/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator/ubuntu{ec2a2542-0000-0000-e803-000000000000}10003no level-{00000000-0000-0000-0000-000000000000}2564---
23542300x800000000000000026175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.402{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue---
534500x800000000000000026178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.403{00000000-0000-0000-0000-000000000000}2563<unknown process>root
534500x800000000000000026177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.403{00000000-0000-0000-0000-000000000000}2565<unknown process>root
534500x800000000000000026176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.403{ec2a2542-28fe-6254-0000-000000000000}2566-root
534500x800000000000000026179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.404{ec2a2542-28fe-6254-0000-000000000000}2567-root
534500x800000000000000026180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.406{ec2a2542-28fe-6254-d0a2-94eed3550000}2568/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generatorubuntu
154100x800000000000000026181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.408{ec2a2542-28fe-6254-08a4-a63098550000}2569/bin/bash-----/bin/bash /usr/lib/systemd/user-environment-generators/90gpg-agent/ubuntu{ec2a2542-0000-0000-e803-000000000000}10003no level-{00000000-0000-0000-0000-000000000000}2564---
154100x800000000000000026182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.410{ec2a2542-28fe-6254-b0ff-2f9933560000}2570/usr/bin/gpgconf-----gpgconf --list-dirs agent-socket/ubuntu{ec2a2542-0000-0000-e803-000000000000}10003no level-{ec2a2542-28fe-6254-08a4-a63098550000}2569/bin/bash/bin/bashubuntu
534500x800000000000000026185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.414{00000000-0000-0000-0000-000000000000}2572<unknown process>root
534500x800000000000000026184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.414{ec2a2542-28fe-6254-0000-000000000000}2571-root
23542300x800000000000000026183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.414{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue---
534500x800000000000000026186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.415{ec2a2542-28fe-6254-b0ff-2f9933560000}2570/usr/bin/gpgconfubuntu
154100x800000000000000026188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.416{ec2a2542-28fe-6254-f02c-37d046560000}2575/usr/bin/gawk-----awk -F: /^enable-ssh-support:/{ print $10 }/ubuntu{ec2a2542-0000-0000-e803-000000000000}10003no level-{00000000-0000-0000-0000-000000000000}2573---
154100x800000000000000026187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.416{ec2a2542-28fe-6254-b05f-577827560000}2574/usr/bin/gpgconf-----gpgconf --list-options gpg-agent/ubuntu{ec2a2542-0000-0000-e803-000000000000}10003no level-{00000000-0000-0000-0000-000000000000}2573---
154100x800000000000000026189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.418{ec2a2542-28fe-6254-c815-43c74f560000}2576/usr/bin/gpg-agent-----gpg-agent --gpgconf-list/ubuntu{ec2a2542-0000-0000-e803-000000000000}10003no level-{ec2a2542-28fe-6254-b05f-577827560000}2574/usr/bin/gpgconfgpgconfubuntu
534500x800000000000000026190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.427{ec2a2542-28fe-6254-c815-43c74f560000}2576/usr/bin/gpg-agentubuntu
534500x800000000000000026194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.428{ec2a2542-28fe-6254-08a4-a63098550000}2569/bin/bashubuntu
534500x800000000000000026193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.428{00000000-0000-0000-0000-000000000000}2573<unknown process>ubuntu
534500x800000000000000026192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.428{ec2a2542-28fe-6254-f02c-37d046560000}2575/usr/bin/gawkubuntu
534500x800000000000000026191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.428{ec2a2542-28fe-6254-b05f-577827560000}2574/usr/bin/gpgconfubuntu
534500x800000000000000026195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.429{ec2a2542-28fe-6254-0000-000000000000}2564-ubuntu
534500x800000000000000026196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.430{00000000-0000-0000-0000-000000000000}2577<unknown process>ubuntu
154100x800000000000000026197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.458{ec2a2542-28fe-6254-d0fc-328b33560000}2578/bin/systemctl-----/bin/systemctl --user set-environment DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus/home/ubuntuubuntu{ec2a2542-0000-0000-e803-000000000000}10003no level-{ec2a2542-28fe-6254-5819-477f1c560000}2552/lib/systemd/systemd/lib/systemd/systemdubuntu
534500x800000000000000026198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.464{ec2a2542-28fe-6254-d0fc-328b33560000}2578/bin/systemctlubuntu
154100x800000000000000026199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.468{ec2a2542-28fe-6254-6852-1be5ad550000}2579/bin/dash-----sh -c /usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fb-6254-e0e7-64420e560000}2549/usr/sbin/sshd/usr/sbin/sshdroot
154100x800000000000000026201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.469{ec2a2542-28fe-6254-381a-7a14dc550000}2580/bin/run-parts-----run-parts --lsbsysinit /etc/update-motd.d/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-6852-1be5ad550000}2579/bin/dashshroot
154100x800000000000000026200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.469{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env-----/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-6852-1be5ad550000}2579/bin/dashshroot
154100x800000000000000026202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.471{ec2a2542-28fe-6254-6832-e3ab78550000}2581/bin/dash-----/bin/sh /etc/update-motd.d/00-header/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
154100x800000000000000026205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.475{ec2a2542-28fe-6254-807e-f13d6e550000}2583/bin/uname-----uname -r/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-6832-e3ab78550000}2581/bin/dash/bin/shroot
534500x800000000000000026204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.475{ec2a2542-28fe-6254-80ae-3cc7e1550000}2582/bin/unameroot
154100x800000000000000026203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.475{ec2a2542-28fe-6254-80ae-3cc7e1550000}2582/bin/uname-----uname -o/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-6832-e3ab78550000}2581/bin/dash/bin/shroot
534500x800000000000000026208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.479{ec2a2542-28fe-6254-80de-e782cd550000}2584/bin/unameroot
154100x800000000000000026207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.479{ec2a2542-28fe-6254-80de-e782cd550000}2584/bin/uname-----uname -m/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-6832-e3ab78550000}2581/bin/dash/bin/shroot
534500x800000000000000026206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.479{ec2a2542-28fe-6254-807e-f13d6e550000}2583/bin/unameroot
154100x800000000000000026210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.480{ec2a2542-28fe-6254-6882-8b6436560000}2585/bin/dash-----/bin/sh /etc/update-motd.d/10-help-text/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
534500x800000000000000026209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.480{ec2a2542-28fe-6254-6832-e3ab78550000}2581/bin/dashroot
534500x800000000000000026212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.481{ec2a2542-28fe-6254-6882-8b6436560000}2585/bin/dashroot
23542300x800000000000000026211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.481{ec2a2542-0ff8-6254-c88a-1cbc6c550000}452root/lib/systemd/systemd-journald/run/systemd/journal/streams/9:34242---
154100x800000000000000026213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.482{ec2a2542-28fe-6254-6802-7e74bc550000}2586/bin/dash-----/bin/sh /etc/update-motd.d/50-landscape-sysinfo/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
154100x800000000000000026214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.484{ec2a2542-28fe-6254-509c-8bf64b560000}2587/bin/grep-----grep -c ^processor /proc/cpuinfo/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-6802-7e74bc550000}2586/bin/dash/bin/shroot
154100x800000000000000026219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.485{ec2a2542-28fe-6254-989f-a40a04560000}2590/usr/bin/bc-----bc/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2588---
154100x800000000000000026216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.485{ec2a2542-28fe-6254-b8e0-b577ad550000}2591/usr/bin/cut-----cut -f1 -d /proc/loadavg/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2589---
534500x800000000000000026215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.485{ec2a2542-28fe-6254-509c-8bf64b560000}2587/bin/greproot
534500x800000000000000026218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.486{00000000-0000-0000-0000-000000000000}2589<unknown process>root
534500x800000000000000026217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.486{ec2a2542-28fe-6254-b8e0-b577ad550000}2591/usr/bin/cutroot
154100x800000000000000026222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.488{ec2a2542-28fe-6254-080f-e12850560000}2592/bin/date-----/bin/date/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-6802-7e74bc550000}2586/bin/dash/bin/shroot
534500x800000000000000026221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.488{ec2a2542-28fe-6254-0000-000000000000}2588-root
534500x800000000000000026220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.488{ec2a2542-28fe-6254-989f-a40a04560000}2590/usr/bin/bcroot
154100x800000000000000026224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.489{ec2a2542-28fe-6254-a036-7b0000000000}2593/usr/bin/python3.6-----/usr/bin/python3 /usr/bin/landscape-sysinfo/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-6802-7e74bc550000}2586/bin/dash/bin/shroot
534500x800000000000000026223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.489{ec2a2542-28fe-6254-080f-e12850560000}2592/bin/dateroot
154100x800000000000000026226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.700{ec2a2542-28fe-6254-b8d1-47a8f87f0000}2594/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-a036-7b0000000000}2593/usr/bin/python3.6/usr/bin/python3root
154100x800000000000000026225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.700{ec2a2542-28fe-6254-68f2-918200560000}2594/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-a036-7b0000000000}2593/usr/bin/python3.6/usr/bin/python3root
534500x800000000000000026227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.701{ec2a2542-28fe-6254-68f2-918200560000}2594/bin/dashroot
154100x800000000000000026229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.774{ec2a2542-28fe-6254-b8c1-49bc947f0000}2595/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-a036-7b0000000000}2593/usr/bin/python3.6/usr/bin/python3root
154100x800000000000000026228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.774{ec2a2542-28fe-6254-6802-a1b060550000}2595/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-a036-7b0000000000}2593/usr/bin/python3.6/usr/bin/python3root
534500x800000000000000026230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:26.776{ec2a2542-28fe-6254-6802-a1b060550000}2595/bin/dashroot
534500x800000000000000026231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.020{00000000-0000-0000-0000-000000000000}2596<unknown process>root
154100x800000000000000026232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.089{ec2a2542-28ff-6254-f003-ba8fb3550000}2597/usr/bin/who-----who -q/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-a036-7b0000000000}2593/usr/bin/python3.6/usr/bin/python3root
534500x800000000000000026233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.093{ec2a2542-28ff-6254-f003-ba8fb3550000}2597/usr/bin/whoroot
154100x800000000000000026236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.164{ec2a2542-28ff-6254-68f2-ff1ec2550000}2598/bin/dash-----/bin/sh /etc/update-motd.d/50-motd-news/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
534500x800000000000000026235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.164{ec2a2542-28fe-6254-6802-7e74bc550000}2586/bin/dashroot
534500x800000000000000026234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.164{ec2a2542-28fe-6254-a036-7b0000000000}2593/usr/bin/python3.6root
154100x800000000000000026241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.165{ec2a2542-28ff-6254-e095-7589dd550000}2601/usr/bin/tr-----tr -d \000-\011\013\014\016-\037/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68f2-ff1ec2550000}2598/bin/dash/bin/shroot
154100x800000000000000026239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.165{ec2a2542-28ff-6254-b820-36d485550000}2602/usr/bin/cut-----cut -c -80/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68f2-ff1ec2550000}2598/bin/dash/bin/shroot
154100x800000000000000026238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.165{ec2a2542-28ff-6254-78a2-794cd3550000}2600/usr/bin/head-----head -n 10/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68f2-ff1ec2550000}2598/bin/dash/bin/shroot
154100x800000000000000026237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.165{ec2a2542-28ff-6254-d0b9-219a33560000}2599/bin/cat-----cat /var/cache/motd-news/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68f2-ff1ec2550000}2598/bin/dash/bin/shroot
534500x800000000000000026243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.166{ec2a2542-28ff-6254-d0b9-219a33560000}2599/bin/catroot
534500x800000000000000026240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.166{ec2a2542-28ff-6254-78a2-794cd3550000}2600/usr/bin/headroot
154100x800000000000000026246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.167{ec2a2542-28ff-6254-6802-79df01560000}2603/bin/dash-----/bin/sh /etc/update-motd.d/88-esm-announce/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
534500x800000000000000026245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.167{ec2a2542-28ff-6254-68f2-ff1ec2550000}2598/bin/dashroot
534500x800000000000000026244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.167{ec2a2542-28ff-6254-b820-36d485550000}2602/usr/bin/cutroot
534500x800000000000000026242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.167{ec2a2542-28ff-6254-e095-7589dd550000}2601/usr/bin/trroot
534500x800000000000000026247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.171{ec2a2542-28ff-6254-6802-79df01560000}2603/bin/dashroot
154100x800000000000000026248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.172{ec2a2542-28ff-6254-6832-2960bd550000}2604/bin/dash-----/bin/sh /etc/update-motd.d/90-updates-available/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
154100x800000000000000026249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.173{ec2a2542-28ff-6254-d079-d6330e560000}2605/bin/cat-----cat /var/lib/update-notifier/updates-available/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-6832-2960bd550000}2604/bin/dash/bin/shroot
154100x800000000000000026252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.174{ec2a2542-28ff-6254-6882-9d7f5b550000}2606/bin/dash-----/bin/sh /etc/update-motd.d/91-contract-ua-esm-status/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
534500x800000000000000026251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.174{ec2a2542-28ff-6254-6832-2960bd550000}2604/bin/dashroot
534500x800000000000000026250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.174{ec2a2542-28ff-6254-d079-d6330e560000}2605/bin/catroot
154100x800000000000000026260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.175{ec2a2542-28ff-6254-6872-2e966e550000}2607/bin/dash-----/bin/sh -e /usr/lib/ubuntu-release-upgrader/release-upgrade-motd/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
154100x800000000000000026254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.175{ec2a2542-28ff-6254-6812-973102560000}2607/bin/dash-----/bin/sh /etc/update-motd.d/91-release-upgrade/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
534500x800000000000000026253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.175{ec2a2542-28ff-6254-6882-9d7f5b550000}2606/bin/dashroot
154100x800000000000000026256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.176{ec2a2542-28ff-6254-b840-ada5bc550000}2610/usr/bin/cut-----cut -d -f4/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2608---
154100x800000000000000026255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.176{ec2a2542-28ff-6254-a036-7b0000000000}2609/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -sd/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2608---
534500x800000000000000026259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.231{ec2a2542-28fe-6254-0000-000000000000}2608-root
534500x800000000000000026258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.231{ec2a2542-28ff-6254-b840-ada5bc550000}2610/usr/bin/cutroot
534500x800000000000000026257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.231{ec2a2542-28ff-6254-a036-7b0000000000}2609/usr/bin/python3.6root
154100x800000000000000026261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.233{ec2a2542-28ff-6254-08df-5e2a8e550000}2611/bin/date-----date +%s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-6812-973102560000}2607/bin/dash/bin/shroot
154100x800000000000000026263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.234{ec2a2542-28ff-6254-8834-e3c6a4550000}2612/usr/bin/stat-----stat -c %Y /var/lib/ubuntu-release-upgrader/release-upgrade-available/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-6812-973102560000}2607/bin/dash/bin/shroot
534500x800000000000000026262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.234{ec2a2542-28ff-6254-08df-5e2a8e550000}2611/bin/dateroot
154100x800000000000000026265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.236{ec2a2542-28ff-6254-98e5-81b8ef550000}2613/usr/bin/expr-----expr 1649433960 + 86400/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-6812-973102560000}2607/bin/dash/bin/shroot
534500x800000000000000026264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.236{ec2a2542-28ff-6254-8834-e3c6a4550000}2612/usr/bin/statroot
154100x800000000000000026268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.238{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6-----/usr/bin/python3 /usr/lib/ubuntu-release-upgrader/check-new-release -q/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-0ff1-6254-58a9-8a1e10560000}1/lib/systemd/systemd/sbin/initroot
534500x800000000000000026266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.238{ec2a2542-28ff-6254-98e5-81b8ef550000}2613/usr/bin/exprroot
154100x800000000000000026270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.239{ec2a2542-28ff-6254-6872-99c685550000}2615/bin/dash-----/bin/sh /usr/share/unattended-upgrades/update-motd-unattended-upgrades/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
154100x800000000000000026269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.239{ec2a2542-28ff-6254-6842-8317e4550000}2615/bin/dash-----/bin/sh /etc/update-motd.d/92-unattended-upgrades/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
534500x800000000000000026267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.239{ec2a2542-28ff-6254-6812-973102560000}2607/bin/dashroot
154100x800000000000000026273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.241{ec2a2542-28ff-6254-68d2-a877e1550000}2616/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
154100x800000000000000026272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.241{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash-----/bin/sh /etc/update-motd.d/95-hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
534500x800000000000000026271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.241{ec2a2542-28ff-6254-6842-8317e4550000}2615/bin/dashroot
154100x800000000000000026274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.244{ec2a2542-28ff-6254-7334-c6f919560000}2617/usr/bin/apt-config-----apt-config shell StateDir Dir::State/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot
154100x800000000000000026275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.248{ec2a2542-28ff-6254-70f1-e971a7550000}2618/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-7334-c6f919560000}2617/usr/bin/apt-configapt-configroot
534500x800000000000000026277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.250{ec2a2542-28ff-6254-7334-c6f919560000}2617/usr/bin/apt-configroot
534500x800000000000000026276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.250{ec2a2542-28ff-6254-70f1-e971a7550000}2618/usr/bin/dpkgroot
154100x800000000000000026278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.251{ec2a2542-28ff-6254-73c4-ae81c5550000}2619/usr/bin/apt-config-----apt-config shell ListDir Dir::State::Lists/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot
154100x800000000000000026279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.255{ec2a2542-28ff-6254-70e1-cbb829560000}2620/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-73c4-ae81c5550000}2619/usr/bin/apt-configapt-configroot
534500x800000000000000026280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.257{ec2a2542-28ff-6254-70e1-cbb829560000}2620/usr/bin/dpkgroot
154100x800000000000000026282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.258{ec2a2542-28ff-6254-73c4-81a75b550000}2621/usr/bin/apt-config-----apt-config shell DpkgStatus Dir::State::status/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot
534500x800000000000000026281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.258{ec2a2542-28ff-6254-73c4-ae81c5550000}2619/usr/bin/apt-configroot
154100x800000000000000026283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.262{ec2a2542-28ff-6254-7001-5bedf8550000}2622/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-73c4-81a75b550000}2621/usr/bin/apt-configapt-configroot
534500x800000000000000026284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.264{ec2a2542-28ff-6254-7001-5bedf8550000}2622/usr/bin/dpkgroot
154100x800000000000000026286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.265{ec2a2542-28ff-6254-73a4-89492e560000}2623/usr/bin/apt-config-----apt-config shell EtcDir Dir::Etc/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot
534500x800000000000000026285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.265{ec2a2542-28ff-6254-73c4-81a75b550000}2621/usr/bin/apt-configroot
154100x800000000000000026287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.270{ec2a2542-28ff-6254-7031-9e8f43560000}2624/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-73a4-89492e560000}2623/usr/bin/apt-configapt-configroot
534500x800000000000000026289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.272{ec2a2542-28ff-6254-73a4-89492e560000}2623/usr/bin/apt-configroot
534500x800000000000000026288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.272{ec2a2542-28ff-6254-7031-9e8f43560000}2624/usr/bin/dpkgroot
154100x800000000000000026290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.275{ec2a2542-28ff-6254-7354-66da9e550000}2625/usr/bin/apt-config-----apt-config shell SourceList Dir::Etc::sourcelist/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot
154100x800000000000000026291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.291{ec2a2542-28ff-6254-7031-d5198e550000}2626/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-7354-66da9e550000}2625/usr/bin/apt-configapt-configroot
534500x800000000000000026292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.293{ec2a2542-28ff-6254-7031-d5198e550000}2626/usr/bin/dpkgroot
534500x800000000000000026293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.294{ec2a2542-28ff-6254-7354-66da9e550000}2625/usr/bin/apt-configroot
154100x800000000000000026294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.295{ec2a2542-28ff-6254-9020-05831c560000}2627/usr/bin/find-----find /var/lib/apt/lists/ /etc/apt/sources.list //var/lib/dpkg/status -type f -newer /var/lib/update-notifier/hwe-eol -print -quit/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot
154100x800000000000000026298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.299{ec2a2542-28ff-6254-a820-bf4edf550000}2628/bin/mktemp-----mktemp -p /var/lib/update-notifier/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot
154100x800000000000000026296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.299{ec2a2542-28ff-6254-e858-3a7de1550000}2629/usr/bin/dirname-----dirname /var/lib/update-notifier/hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2628---
534500x800000000000000026295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.299{ec2a2542-28ff-6254-9020-05831c560000}2627/usr/bin/findroot
534500x800000000000000026299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.300{ec2a2542-28ff-6254-a820-bf4edf550000}2628/bin/mktemproot
534500x800000000000000026297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.300{ec2a2542-28ff-6254-e858-3a7de1550000}2629/usr/bin/dirnameroot
154100x800000000000000026300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.301{ec2a2542-28ff-6254-a036-7b0000000000}2630/usr/bin/python3.6-----/usr/bin/python3 /usr/bin/hwe-support-status/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot
154100x800000000000000026301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.359{ec2a2542-28ff-6254-70a1-169da6550000}2631/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6/usr/bin/python3root
23542300x800000000000000026303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.361{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.e10XSt---
534500x800000000000000026302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.361{ec2a2542-28ff-6254-70a1-169da6550000}2631/usr/bin/dpkgroot
23542300x800000000000000026304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.366{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.oSYGxU---
23542300x800000000000000026305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.372{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.UWpkdl---
23542300x800000000000000026306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.373{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.GepeTL---
23542300x800000000000000026307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.375{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.S5Ipzc---
23542300x800000000000000026308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.379{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.A4kkgD---
23542300x800000000000000026309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.381{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.k8fuX3---
23542300x800000000000000026310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.386{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.aursFu---
23542300x800000000000000026311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.387{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.mAoHnV---
23542300x800000000000000026312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.389{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.8zxa6l---
23542300x800000000000000026313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.390{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.iv9QOM---
23542300x800000000000000026314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.391{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.2qVKxd---
23542300x800000000000000026315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.393{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.I5CUgE---
23542300x800000000000000026316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.394{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.qzOj04---
23542300x800000000000000026317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.396{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.UHxZJv---
23542300x800000000000000026318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.397{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.2MLUtW---
23542300x800000000000000026319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.399{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.wxS7dn---
154100x800000000000000026320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.400{ec2a2542-28ff-6254-70a1-0d9cd9550000}2632/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6/usr/bin/python3root
534500x800000000000000026321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.403{ec2a2542-28ff-6254-70a1-0d9cd9550000}2632/usr/bin/dpkgroot
154100x800000000000000026322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.417{ec2a2542-28ff-6254-a036-7b0000000000}2633/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -c -s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-a036-7b0000000000}2630/usr/bin/python3.6/usr/bin/python3root
534500x800000000000000026323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.471{ec2a2542-28ff-6254-a036-7b0000000000}2633/usr/bin/python3.6root
154100x800000000000000026324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.472{ec2a2542-28ff-6254-70d1-8d5d8a550000}2634/usr/bin/dpkg-----dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-a036-7b0000000000}2630/usr/bin/python3.6/usr/bin/python3root
534500x800000000000000026325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.474{ec2a2542-28ff-6254-70d1-8d5d8a550000}2634/usr/bin/dpkgroot
534500x800000000000000026326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.493{ec2a2542-28ff-6254-a036-7b0000000000}2630/usr/bin/python3.6root
154100x800000000000000026327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.494{ec2a2542-28ff-6254-885b-49138c550000}2635/bin/mv-----mv /var/lib/update-notifier/tmp.I1AUa8mpL0 /var/lib/update-notifier/hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot
154100x800000000000000026329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.495{ec2a2542-28ff-6254-d019-be6f30560000}2636/bin/cat-----cat /var/lib/update-notifier/hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot
534500x800000000000000026328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.495{ec2a2542-28ff-6254-885b-49138c550000}2635/bin/mvroot
154100x800000000000000026331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.496{ec2a2542-28ff-6254-70c3-b0f470550000}2637/bin/rm-----rm -f /var/lib/update-notifier/tmp.I1AUa8mpL0/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dash/bin/shroot
534500x800000000000000026330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.496{ec2a2542-28ff-6254-d019-be6f30560000}2636/bin/catroot
534500x800000000000000026333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.497{ec2a2542-28ff-6254-68c2-58e508560000}2616/bin/dashroot
534500x800000000000000026332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.497{ec2a2542-28ff-6254-70c3-b0f470550000}2637/bin/rmroot
154100x800000000000000026334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.498{ec2a2542-28ff-6254-6832-b8d736560000}2638/bin/dash-----/bin/sh /etc/update-motd.d/97-overlayroot/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
154100x800000000000000026336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.500{ec2a2542-28ff-6254-506c-d0beb0550000}2640/bin/grep-----grep -E overlayroot|/media/root-ro|/media/root-rw /proc/mounts/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2639---
154100x800000000000000026335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.500{ec2a2542-28ff-6254-6862-9f47f9550000}2640/bin/dash-----/bin/sh /bin/egrep overlayroot|/media/root-ro|/media/root-rw /proc/mounts/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2639---
154100x800000000000000026337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.501{ec2a2542-28ff-6254-188a-8f573a560000}2641/usr/bin/sort-----sort -r/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2639---
534500x800000000000000026338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.502{ec2a2542-28ff-6254-6862-9f47f9550000}2640/bin/dashroot
534500x800000000000000026341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.503{ec2a2542-28ff-6254-6832-b8d736560000}2638/bin/dashroot
534500x800000000000000026340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.503{00000000-0000-0000-0000-000000000000}2639<unknown process>root
534500x800000000000000026339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.503{ec2a2542-28ff-6254-188a-8f573a560000}2641/usr/bin/sortroot
154100x800000000000000026343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.504{ec2a2542-28ff-6254-68b2-8f4745560000}2642/bin/dash-----/bin/sh /usr/lib/update-notifier/update-motd-fsck-at-reboot/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
154100x800000000000000026342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.504{ec2a2542-28ff-6254-68b2-aef142560000}2642/bin/dash-----/bin/sh /etc/update-motd.d/98-fsck-at-reboot/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
154100x800000000000000026344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.510{ec2a2542-28ff-6254-8894-11df70550000}2643/usr/bin/stat-----stat -c %Y /var/lib/update-notifier/fsck-at-reboot/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68b2-aef142560000}2642/bin/dash/bin/shroot
154100x800000000000000026348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.515{ec2a2542-28ff-6254-085f-9c25bc550000}2644/bin/date-----date -d now - 6414.04 seconds +%s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68b2-aef142560000}2642/bin/dash/bin/shroot
154100x800000000000000026346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.515{ec2a2542-28ff-6254-f0bc-7d628b550000}2645/usr/bin/gawk-----awk {print $1} /proc/uptime/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2644---
534500x800000000000000026345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.515{ec2a2542-28ff-6254-8894-11df70550000}2643/usr/bin/statroot
154100x800000000000000026350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.518{ec2a2542-28ff-6254-086f-6c6ad4550000}2646/bin/date-----date +%s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68b2-aef142560000}2642/bin/dash/bin/shroot
534500x800000000000000026349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.518{ec2a2542-28ff-6254-085f-9c25bc550000}2644/bin/dateroot
534500x800000000000000026347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.518{ec2a2542-28ff-6254-f0bc-7d628b550000}2645/usr/bin/gawkroot
534500x800000000000000026351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.519{ec2a2542-28ff-6254-086f-6c6ad4550000}2646/bin/dateroot
154100x800000000000000026353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.521{ec2a2542-28ff-6254-f00c-0b0335560000}2649/usr/bin/gawk-----awk $5 ~ /^ext(2|3|4)$/ { print $1 }/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2647---
154100x800000000000000026352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.521{ec2a2542-28ff-6254-a852-6d210f560000}2648/bin/mount-----mount/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2647---
534500x800000000000000026355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.524{ec2a2542-28ff-6254-f00c-0b0335560000}2649/usr/bin/gawkroot
534500x800000000000000026354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.524{ec2a2542-28ff-6254-a852-6d210f560000}2648/bin/mountroot
154100x800000000000000026357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.528{ec2a2542-28ff-6254-689e-98588d550000}2650/sbin/dumpe2fs-----dumpe2fs -h /dev/nvme0n1p1/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68b2-aef142560000}2642/bin/dash/bin/shroot
534500x800000000000000026356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.528{00000000-0000-0000-0000-000000000000}2647<unknown process>root
924900x800000000000000026358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.530{ec2a2542-28ff-6254-689e-98588d550000}2650/sbin/dumpe2fs/dev/nvme0n1p1root
154100x800000000000000026360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.531{ec2a2542-28ff-6254-507c-dc0e61550000}2653/bin/grep-----grep ^Mount count:/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2651---
534500x800000000000000026359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.531{ec2a2542-28ff-6254-689e-98588d550000}2650/sbin/dumpe2fsroot
154100x800000000000000026361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.532{ec2a2542-28ff-6254-b820-be6af5550000}2654/usr/bin/cut-----cut -d: -f 2-/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2651---
534500x800000000000000026363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.534{ec2a2542-28ff-6254-507c-dc0e61550000}2653/bin/greproot
534500x800000000000000026362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.534{00000000-0000-0000-0000-000000000000}2652<unknown process>root
534500x800000000000000026365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.535{ec2a2542-28ff-6254-0000-000000000000}2651-root
534500x800000000000000026364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.535{ec2a2542-28ff-6254-b820-be6af5550000}2654/usr/bin/cutroot
154100x800000000000000026367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.542{ec2a2542-28ff-6254-506c-97c33e560000}2657/bin/grep-----grep ^Maximum mount count:/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2655---
154100x800000000000000026368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.543{ec2a2542-28ff-6254-b850-591a24560000}2658/usr/bin/cut-----cut -d: -f 2-/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2655---
534500x800000000000000026366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.543{ec2a2542-28ff-6254-0000-000000000000}2656-root
534500x800000000000000026370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.544{ec2a2542-28ff-6254-b850-591a24560000}2658/usr/bin/cutroot
534500x800000000000000026369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.544{ec2a2542-28ff-6254-506c-97c33e560000}2657/bin/greproot
534500x800000000000000026371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.549{00000000-0000-0000-0000-000000000000}2655<unknown process>root
154100x800000000000000026376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.550{ec2a2542-28ff-6254-b8d0-be8411560000}2663/usr/bin/cut-----cut -d( -f 1/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2659---
154100x800000000000000026374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.550{ec2a2542-28ff-6254-b880-ba32d5550000}2662/usr/bin/cut-----cut -d: -f 2-/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2659---
154100x800000000000000026373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.550{ec2a2542-28ff-6254-50fc-5c0f48560000}2661/bin/grep-----grep ^Check interval:/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2659---
534500x800000000000000026372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.550{ec2a2542-28ff-6254-0000-000000000000}2660-root
534500x800000000000000026375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.551{ec2a2542-28ff-6254-50fc-5c0f48560000}2661/bin/greproot
534500x800000000000000026377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.555{ec2a2542-28ff-6254-b880-ba32d5550000}2662/usr/bin/cutroot
154100x800000000000000026382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.556{ec2a2542-28ff-6254-b8f0-6170dc550000}2667/usr/bin/cut-----cut -d: -f 2-/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2664---
154100x800000000000000026381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.556{ec2a2542-28ff-6254-50cc-7c9070550000}2666/bin/grep-----grep ^Next check after:/root{ec2a2542-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}2664---
534500x800000000000000026380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.556{ec2a2542-28ff-6254-0000-000000000000}2665-root
534500x800000000000000026379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.556{00000000-0000-0000-0000-000000000000}2659<unknown process>root
534500x800000000000000026378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.556{ec2a2542-28ff-6254-b8d0-be8411560000}2663/usr/bin/cutroot
534500x800000000000000026383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.561{ec2a2542-28ff-6254-50cc-7c9070550000}2666/bin/greproot
154100x800000000000000026386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.563{ec2a2542-28ff-6254-088f-e48175550000}2668/bin/date-----date -d +%s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68b2-aef142560000}2642/bin/dash/bin/shroot
534500x800000000000000026385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.563{00000000-0000-0000-0000-000000000000}2664<unknown process>root
534500x800000000000000026384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.563{ec2a2542-28ff-6254-b8f0-6170dc550000}2667/usr/bin/cutroot
534500x800000000000000026387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.564{ec2a2542-28ff-6254-088f-e48175550000}2668/bin/dateroot
154100x800000000000000026388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.565{ec2a2542-28ff-6254-d0f9-cdcb07560000}2669/bin/cat-----cat /var/lib/update-notifier/fsck-at-reboot/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-68b2-aef142560000}2642/bin/dash/bin/shroot
534500x800000000000000026390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.566{ec2a2542-28ff-6254-68b2-aef142560000}2642/bin/dashroot
534500x800000000000000026389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.566{ec2a2542-28ff-6254-d0f9-cdcb07560000}2669/bin/catroot
154100x800000000000000026392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.567{ec2a2542-28ff-6254-6862-763267550000}2670/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-reboot-required/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
154100x800000000000000026391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.567{ec2a2542-28ff-6254-6892-7852c1550000}2670/bin/dash-----/bin/sh /etc/update-motd.d/98-reboot-required/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/env/usr/bin/envroot
534500x800000000000000026395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.572{ec2a2542-28fe-6254-6852-1be5ad550000}2579/bin/dashroot
534500x800000000000000026394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.572{ec2a2542-28fe-6254-783c-76de08560000}2580/usr/bin/envroot
534500x800000000000000026393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.572{ec2a2542-28ff-6254-6892-7852c1550000}2670/bin/dashroot
154100x800000000000000026397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.631{ec2a2542-28ff-6254-30c5-b9c4a1550000}2672/usr/lib/openssh/sftp-server-----/usr/lib/openssh/sftp-server/home/ubuntuubuntu{ec2a2542-0000-0000-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2671---
154100x800000000000000026396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.631{ec2a2542-28ff-6254-0874-2a80da550000}2672/bin/bash-----bash -c /usr/lib/openssh/sftp-server/home/ubuntuubuntu{ec2a2542-0000-0000-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2671---
23542300x800000000000000026398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.757{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.0c1QWO---
23542300x800000000000000026399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.761{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.McJlGg---
23542300x800000000000000026400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.765{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.YKgzqI---
23542300x800000000000000026401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.767{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.KoF2aa---
23542300x800000000000000026402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.768{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.ANRLVB---
23542300x800000000000000026403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.773{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.mWKcH3---
23542300x800000000000000026404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.774{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.I29Ssv---
23542300x800000000000000026405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.778{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.MrngfX---
23542300x800000000000000026406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.780{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.QAvT1o---
23542300x800000000000000026407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.781{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.IWKJOQ---
23542300x800000000000000026408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.782{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.I7ZMBi---
23542300x800000000000000026409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.783{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.oK22oK---
23542300x800000000000000026410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.785{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.6Bszcc---
23542300x800000000000000026411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.787{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.8XCt0D---
23542300x800000000000000026412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.789{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.2P9DO5---
23542300x800000000000000026413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.790{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.iFZ3Cx---
354300x800000000000000026414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.791{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54686-false10.0.1.12-8000-
23542300x800000000000000026415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.792{ec2a2542-28ff-6254-a036-7b0000000000}2614root/usr/bin/python3.6/tmp/fileutl.message.wSfNrZ---
154100x800000000000000026416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.795{ec2a2542-28ff-6254-a036-7b0000000000}2673/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -c -s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6/usr/bin/python3root
534500x800000000000000026417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.838{ec2a2542-28ff-6254-a036-7b0000000000}2673/usr/bin/python3.6root
154100x800000000000000026418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.844{ec2a2542-28ff-6254-a036-7b0000000000}2674/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -c -s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6/usr/bin/python3root
534500x800000000000000026419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.890{ec2a2542-28ff-6254-a036-7b0000000000}2674/usr/bin/python3.6root
154100x800000000000000026420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.892{ec2a2542-28ff-6254-a036-7b0000000000}2675/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -c -s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6/usr/bin/python3root
534500x800000000000000026421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.935{ec2a2542-28ff-6254-a036-7b0000000000}2675/usr/bin/python3.6root
154100x800000000000000026422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.937{ec2a2542-28ff-6254-a036-7b0000000000}2676/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -r -s/root{ec2a2542-0000-0000-0000-000000000000}02no level-{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6/usr/bin/python3root
534500x800000000000000026423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.978{ec2a2542-28ff-6254-a036-7b0000000000}2676/usr/bin/python3.6root
354300x800000000000000026427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.991{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-44111-false10.0.0.2-53-
354300x800000000000000026426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.991{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-44520-false10.0.0.2-53-
354300x800000000000000026425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.991{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse0.0.0.0-0-false127.0.0.53-53-
354300x800000000000000026424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:27.991{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6rootudptruefalse127.0.0.1-45201-false127.0.0.53-53-
354300x800000000000000026428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:28.015{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-45201-
354300x800000000000000026429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:28.016{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6rootudpfalsefalse127.0.0.53-53-false127.0.0.1-45201-
534500x800000000000000026432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:28.081{00000000-0000-0000-0000-000000000000}2678<unknown process>root
534500x800000000000000026431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:28.081{ec2a2542-2900-6254-0000-000000000000}2679-root
23542300x800000000000000026430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:28.081{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue---
354300x800000000000000026433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:28.102{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6roottcptruefalse10.0.1.20-35356-false91.189.91.49-443-
534500x800000000000000026434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:28.156{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6root
534500x800000000000000026435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:28.171{ec2a2542-28ff-6254-a036-7b0000000000}2614/usr/bin/python3.6root
23542300x800000000000000026436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:31.814{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log---
354300x800000000000000026437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:33.662{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54690-false10.0.1.12-8000-
154100x800000000000000026438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:35.733{ec2a2542-2907-6254-6844-7c6c82550000}2680/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}938---
534500x800000000000000026439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:35.746{ec2a2542-2907-6254-6844-7c6c82550000}2680/bin/psroot
354300x800000000000000026440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:39.618{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54692-false10.0.1.12-8000-
354300x800000000000000026441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:44.703{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54694-false10.0.1.12-8000-
354300x800000000000000026442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:50.600{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54696-false10.0.1.12-8000-
354300x800000000000000026443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:11:55.796{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54698-false10.0.1.12-8000-
354300x800000000000000026444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:01.704{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54700-false10.0.1.12-8000-
23542300x800000000000000026445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:01.813{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log---
154100x800000000000000026447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:04.809{ec2a2542-2924-6254-e057-8c3ef0550000}2682/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1010---
354300x800000000000000026446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:04.809{ec2a2542-0ffd-6254-e0d7-7e6a46560000}1010/usr/sbin/sshdroottcpfalsefalse212.187.221.38-52566-false10.0.1.20-22-
354300x800000000000000026448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:06.819{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54702-false10.0.1.12-8000-
534500x800000000000000026449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.500{00000000-0000-0000-0000-000000000000}2683<unknown process>sshd
154100x800000000000000026450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.507{ec2a2542-2927-6254-68f2-d1a948560000}2684/bin/dash-----sh -c /usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2924-6254-e057-8c3ef0550000}2682/usr/sbin/sshd/usr/sbin/sshdroot
154100x800000000000000026452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.508{ec2a2542-2927-6254-38ca-f77774550000}2685/bin/run-parts-----run-parts --lsbsysinit /etc/update-motd.d/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68f2-d1a948560000}2684/bin/dashshroot
154100x800000000000000026451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.508{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env-----/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68f2-d1a948560000}2684/bin/dashshroot
154100x800000000000000026453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.509{ec2a2542-2927-6254-68b2-f40fe9550000}2686/bin/dash-----/bin/sh /etc/update-motd.d/00-header/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
534500x800000000000000026455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.510{ec2a2542-2927-6254-80de-de6e19560000}2687/bin/unameroot
154100x800000000000000026454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.510{ec2a2542-2927-6254-80de-de6e19560000}2687/bin/uname-----uname -o/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68b2-f40fe9550000}2686/bin/dash/bin/shroot
154100x800000000000000026458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.511{ec2a2542-2927-6254-80ae-18a624560000}2689/bin/uname-----uname -m/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68b2-f40fe9550000}2686/bin/dash/bin/shroot
534500x800000000000000026457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.511{ec2a2542-2927-6254-808e-6e3476550000}2688/bin/unameroot
154100x800000000000000026456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.511{ec2a2542-2927-6254-808e-6e3476550000}2688/bin/uname-----uname -r/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68b2-f40fe9550000}2686/bin/dash/bin/shroot
154100x800000000000000026461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.512{ec2a2542-2927-6254-6862-a4fce2550000}2690/bin/dash-----/bin/sh /etc/update-motd.d/10-help-text/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
534500x800000000000000026460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.512{ec2a2542-2927-6254-68b2-f40fe9550000}2686/bin/dashroot
534500x800000000000000026459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.512{ec2a2542-2927-6254-80ae-18a624560000}2689/bin/unameroot
154100x800000000000000026464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.513{ec2a2542-2927-6254-501c-414747560000}2692/bin/grep-----grep -c ^processor /proc/cpuinfo/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68a2-51fd9a550000}2691/bin/dash/bin/shroot
154100x800000000000000026463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.513{ec2a2542-2927-6254-68a2-51fd9a550000}2691/bin/dash-----/bin/sh /etc/update-motd.d/50-landscape-sysinfo/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
534500x800000000000000026462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.513{ec2a2542-2927-6254-6862-a4fce2550000}2690/bin/dashroot
154100x800000000000000026466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.515{ec2a2542-2927-6254-988f-08aa94550000}2695/usr/bin/bc-----bc/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2693---
534500x800000000000000026465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.515{ec2a2542-2927-6254-501c-414747560000}2692/bin/greproot
534500x800000000000000026470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.517{ec2a2542-2927-6254-988f-08aa94550000}2695/usr/bin/bcroot
534500x800000000000000026469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.517{00000000-0000-0000-0000-000000000000}2694<unknown process>root
534500x800000000000000026468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.517{ec2a2542-2927-6254-b8f0-2bcf6e550000}2696/usr/bin/cutroot
154100x800000000000000026467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.517{ec2a2542-2927-6254-b8f0-2bcf6e550000}2696/usr/bin/cut-----cut -f1 -d /proc/loadavg/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2694---
154100x800000000000000026472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.518{ec2a2542-2927-6254-08df-361d44560000}2697/bin/date-----/bin/date/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68a2-51fd9a550000}2691/bin/dash/bin/shroot
534500x800000000000000026471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.518{ec2a2542-2900-6254-0000-000000000000}2693-root
154100x800000000000000026474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.519{ec2a2542-2927-6254-a036-7b0000000000}2698/usr/bin/python3.6-----/usr/bin/python3 /usr/bin/landscape-sysinfo/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68a2-51fd9a550000}2691/bin/dash/bin/shroot
534500x800000000000000026473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.519{ec2a2542-2927-6254-08df-361d44560000}2697/bin/dateroot
154100x800000000000000026476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.706{ec2a2542-2927-6254-b851-4fa05b7f0000}2699/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-a036-7b0000000000}2698/usr/bin/python3.6/usr/bin/python3root
154100x800000000000000026475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.706{ec2a2542-2927-6254-6892-5679e1550000}2699/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-a036-7b0000000000}2698/usr/bin/python3.6/usr/bin/python3root
534500x800000000000000026477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.707{ec2a2542-2927-6254-6892-5679e1550000}2699/bin/dashroot
154100x800000000000000026479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.743{ec2a2542-2927-6254-b801-415c417f0000}2700/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-a036-7b0000000000}2698/usr/bin/python3.6/usr/bin/python3root
154100x800000000000000026478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.743{ec2a2542-2927-6254-6822-5b875a550000}2700/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-a036-7b0000000000}2698/usr/bin/python3.6/usr/bin/python3root
534500x800000000000000026480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.745{ec2a2542-2927-6254-6822-5b875a550000}2700/bin/dashroot
534500x800000000000000026481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.846{00000000-0000-0000-0000-000000000000}2701<unknown process>root
154100x800000000000000026482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.881{ec2a2542-2927-6254-f083-8b6c63550000}2702/usr/bin/who-----who -q/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-a036-7b0000000000}2698/usr/bin/python3.6/usr/bin/python3root
534500x800000000000000026483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.886{ec2a2542-2927-6254-f083-8b6c63550000}2702/usr/bin/whoroot
534500x800000000000000026484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.954{ec2a2542-2927-6254-a036-7b0000000000}2698/usr/bin/python3.6root
154100x800000000000000026486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.955{ec2a2542-2927-6254-6872-8e51b6550000}2703/bin/dash-----/bin/sh /etc/update-motd.d/50-motd-news/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
534500x800000000000000026485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.955{ec2a2542-2927-6254-68a2-51fd9a550000}2691/bin/dashroot
154100x800000000000000026492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.956{ec2a2542-2927-6254-e095-9ada8e550000}2706/usr/bin/tr-----tr -d \000-\011\013\014\016-\037/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-6872-8e51b6550000}2703/bin/dash/bin/shroot
154100x800000000000000026491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.956{ec2a2542-2927-6254-b810-5698ea550000}2707/usr/bin/cut-----cut -c -80/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-6872-8e51b6550000}2703/bin/dash/bin/shroot
154100x800000000000000026489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.956{ec2a2542-2927-6254-78d2-c36473550000}2705/usr/bin/head-----head -n 10/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-6872-8e51b6550000}2703/bin/dash/bin/shroot
534500x800000000000000026488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.956{ec2a2542-2927-6254-d0c9-250c1d560000}2704/bin/catroot
154100x800000000000000026487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.956{ec2a2542-2927-6254-d0c9-250c1d560000}2704/bin/cat-----cat /var/cache/motd-news/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-6872-8e51b6550000}2703/bin/dash/bin/shroot
534500x800000000000000026490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.957{ec2a2542-2927-6254-78d2-c36473550000}2705/usr/bin/headroot
534500x800000000000000026493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.958{ec2a2542-2927-6254-e095-9ada8e550000}2706/usr/bin/trroot
154100x800000000000000026496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.959{ec2a2542-2927-6254-6872-c50aa3550000}2708/bin/dash-----/bin/sh /etc/update-motd.d/88-esm-announce/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
534500x800000000000000026495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.959{ec2a2542-2927-6254-6872-8e51b6550000}2703/bin/dashroot
534500x800000000000000026494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.959{ec2a2542-2927-6254-b810-5698ea550000}2707/usr/bin/cutroot
154100x800000000000000026499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.960{ec2a2542-2927-6254-d0c9-52504c560000}2710/bin/cat-----cat /var/lib/update-notifier/updates-available/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-6812-d75b76550000}2709/bin/dash/bin/shroot
154100x800000000000000026498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.960{ec2a2542-2927-6254-6812-d75b76550000}2709/bin/dash-----/bin/sh /etc/update-motd.d/90-updates-available/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
534500x800000000000000026497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.960{ec2a2542-2927-6254-6872-c50aa3550000}2708/bin/dashroot
154100x800000000000000026502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.961{ec2a2542-2927-6254-6882-b27db9550000}2711/bin/dash-----/bin/sh /etc/update-motd.d/91-contract-ua-esm-status/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
534500x800000000000000026501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.961{ec2a2542-2927-6254-6812-d75b76550000}2709/bin/dashroot
534500x800000000000000026500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.961{ec2a2542-2927-6254-d0c9-52504c560000}2710/bin/catroot
154100x800000000000000026510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.966{ec2a2542-2927-6254-6892-d3971f560000}2712/bin/dash-----/bin/sh -e /usr/lib/ubuntu-release-upgrader/release-upgrade-motd/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
154100x800000000000000026504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.966{ec2a2542-2927-6254-68e2-ebcb0e560000}2712/bin/dash-----/bin/sh /etc/update-motd.d/91-release-upgrade/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
534500x800000000000000026503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.966{ec2a2542-2927-6254-6882-b27db9550000}2711/bin/dashroot
154100x800000000000000026506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.968{ec2a2542-2927-6254-b8f0-bb46a7550000}2715/usr/bin/cut-----cut -d -f4/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2713---
154100x800000000000000026505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:07.968{ec2a2542-2927-6254-a036-7b0000000000}2714/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -sd/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2713---
534500x800000000000000026509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.012{ec2a2542-2900-6254-0000-000000000000}2713-root
534500x800000000000000026508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.012{ec2a2542-2927-6254-b8f0-bb46a7550000}2715/usr/bin/cutroot
534500x800000000000000026507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.012{ec2a2542-2927-6254-a036-7b0000000000}2714/usr/bin/python3.6root
154100x800000000000000026511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.013{ec2a2542-2928-6254-083f-209eed550000}2716/bin/date-----date +%s/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68e2-ebcb0e560000}2712/bin/dash/bin/shroot
154100x800000000000000026513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.014{ec2a2542-2928-6254-88e4-8bdc22560000}2717/usr/bin/stat-----stat -c %Y /var/lib/ubuntu-release-upgrader/release-upgrade-available/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68e2-ebcb0e560000}2712/bin/dash/bin/shroot
534500x800000000000000026512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.014{ec2a2542-2928-6254-083f-209eed550000}2716/bin/dateroot
154100x800000000000000026515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.015{ec2a2542-2928-6254-9815-ce090a560000}2718/usr/bin/expr-----expr 1649682689 + 86400/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68e2-ebcb0e560000}2712/bin/dash/bin/shroot
534500x800000000000000026514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.015{ec2a2542-2928-6254-88e4-8bdc22560000}2717/usr/bin/statroot
154100x800000000000000026517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.016{ec2a2542-2928-6254-d079-245129560000}2719/bin/cat-----cat /var/lib/ubuntu-release-upgrader/release-upgrade-available/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-68e2-ebcb0e560000}2712/bin/dash/bin/shroot
534500x800000000000000026516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.016{ec2a2542-2928-6254-9815-ce090a560000}2718/usr/bin/exprroot
154100x800000000000000026521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.017{ec2a2542-2928-6254-6862-1812dd550000}2720/bin/dash-----/bin/sh /usr/share/unattended-upgrades/update-motd-unattended-upgrades/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
154100x800000000000000026520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.017{ec2a2542-2928-6254-68b2-5f8356550000}2720/bin/dash-----/bin/sh /etc/update-motd.d/92-unattended-upgrades/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
534500x800000000000000026519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.017{ec2a2542-2927-6254-68e2-ebcb0e560000}2712/bin/dashroot
534500x800000000000000026518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.017{ec2a2542-2928-6254-d079-245129560000}2719/bin/catroot
154100x800000000000000026524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.018{ec2a2542-2928-6254-6872-72060f560000}2721/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
154100x800000000000000026523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.018{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash-----/bin/sh /etc/update-motd.d/95-hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
534500x800000000000000026522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.018{ec2a2542-2928-6254-68b2-5f8356550000}2720/bin/dashroot
154100x800000000000000026525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.019{ec2a2542-2928-6254-7334-6d092d560000}2722/usr/bin/apt-config-----apt-config shell StateDir Dir::State/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot
154100x800000000000000026526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.023{ec2a2542-2928-6254-7071-8c0a21560000}2723/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-7334-6d092d560000}2722/usr/bin/apt-configapt-configroot
534500x800000000000000026528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.027{ec2a2542-2928-6254-7334-6d092d560000}2722/usr/bin/apt-configroot
534500x800000000000000026527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.027{ec2a2542-2928-6254-7071-8c0a21560000}2723/usr/bin/dpkgroot
154100x800000000000000026529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.028{ec2a2542-2928-6254-73c4-e4f978550000}2724/usr/bin/apt-config-----apt-config shell ListDir Dir::State::Lists/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot
154100x800000000000000026530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.032{ec2a2542-2928-6254-70e1-151e44560000}2725/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-73c4-e4f978550000}2724/usr/bin/apt-configapt-configroot
534500x800000000000000026531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.034{ec2a2542-2928-6254-70e1-151e44560000}2725/usr/bin/dpkgroot
154100x800000000000000026533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.035{ec2a2542-2928-6254-7324-ec1e49560000}2726/usr/bin/apt-config-----apt-config shell DpkgStatus Dir::State::status/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot
534500x800000000000000026532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.035{ec2a2542-2928-6254-73c4-e4f978550000}2724/usr/bin/apt-configroot
154100x800000000000000026534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.040{ec2a2542-2928-6254-7081-87ff1a560000}2727/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-7324-ec1e49560000}2726/usr/bin/apt-configapt-configroot
154100x800000000000000026537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.042{ec2a2542-2928-6254-7314-f82861550000}2728/usr/bin/apt-config-----apt-config shell EtcDir Dir::Etc/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot
534500x800000000000000026536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.042{ec2a2542-2928-6254-7324-ec1e49560000}2726/usr/bin/apt-configroot
534500x800000000000000026535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.042{ec2a2542-2928-6254-7081-87ff1a560000}2727/usr/bin/dpkgroot
154100x800000000000000026538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.046{ec2a2542-2928-6254-70c1-878fd4550000}2729/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-7314-f82861550000}2728/usr/bin/apt-configapt-configroot
534500x800000000000000026539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.048{ec2a2542-2928-6254-70c1-878fd4550000}2729/usr/bin/dpkgroot
154100x800000000000000026541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.049{ec2a2542-2928-6254-73a4-6c3841560000}2730/usr/bin/apt-config-----apt-config shell SourceList Dir::Etc::sourcelist/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot
534500x800000000000000026540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.049{ec2a2542-2928-6254-7314-f82861550000}2728/usr/bin/apt-configroot
154100x800000000000000026542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.053{ec2a2542-2928-6254-70c1-cb519f550000}2731/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-73a4-6c3841560000}2730/usr/bin/apt-configapt-configroot
534500x800000000000000026544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.055{ec2a2542-2928-6254-73a4-6c3841560000}2730/usr/bin/apt-configroot
534500x800000000000000026543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.055{ec2a2542-2928-6254-70c1-cb519f550000}2731/usr/bin/dpkgroot
154100x800000000000000026545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.056{ec2a2542-2928-6254-9080-f5d702560000}2732/usr/bin/find-----find /var/lib/apt/lists/ /etc/apt/sources.list //var/lib/dpkg/status -type f -newer /var/lib/update-notifier/hwe-eol -print -quit/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot
154100x800000000000000026549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.057{ec2a2542-2928-6254-a8c0-023758550000}2733/bin/mktemp-----mktemp -p /var/lib/update-notifier/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot
154100x800000000000000026547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.057{ec2a2542-2928-6254-e8a8-997b47560000}2734/usr/bin/dirname-----dirname /var/lib/update-notifier/hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2733---
534500x800000000000000026546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.057{ec2a2542-2928-6254-9080-f5d702560000}2732/usr/bin/findroot
534500x800000000000000026550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.058{ec2a2542-2928-6254-a8c0-023758550000}2733/bin/mktemproot
534500x800000000000000026548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.058{ec2a2542-2928-6254-e8a8-997b47560000}2734/usr/bin/dirnameroot
154100x800000000000000026553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.059{ec2a2542-2928-6254-70c3-34bfc1550000}2736/bin/rm-----rm -f /var/lib/update-notifier/tmp.fqgHbSelw3/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot
534500x800000000000000026552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.059{ec2a2542-2928-6254-d039-8deb45560000}2735/bin/catroot
154100x800000000000000026551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.059{ec2a2542-2928-6254-d039-8deb45560000}2735/bin/cat-----cat /var/lib/update-notifier/hwe-eol/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dash/bin/shroot
154100x800000000000000026557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.060{ec2a2542-2928-6254-6832-cd0b06560000}2737/bin/dash-----/bin/sh /etc/update-motd.d/97-overlayroot/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
534500x800000000000000026556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.060{ec2a2542-2928-6254-68b2-d8179e550000}2721/bin/dashroot
534500x800000000000000026555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.060{ec2a2542-2928-6254-70c3-34bfc1550000}2736/bin/rmroot
23542300x800000000000000026554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.060{ec2a2542-2928-6254-70c3-34bfc1550000}2736root/bin/rm/var/lib/update-notifier/tmp.fqgHbSelw3---
154100x800000000000000026560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.061{ec2a2542-2928-6254-506c-db3970550000}2739/bin/grep-----grep -E overlayroot|/media/root-ro|/media/root-rw /proc/mounts/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2738---
154100x800000000000000026559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.061{ec2a2542-2928-6254-18fa-58c71d560000}2740/usr/bin/sort-----sort -r/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2738---
154100x800000000000000026558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.061{ec2a2542-2928-6254-68f2-b267e0550000}2739/bin/dash-----/bin/sh /bin/egrep overlayroot|/media/root-ro|/media/root-rw /proc/mounts/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2738---
534500x800000000000000026563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.062{00000000-0000-0000-0000-000000000000}2738<unknown process>root
534500x800000000000000026562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.062{ec2a2542-2928-6254-18fa-58c71d560000}2740/usr/bin/sortroot
534500x800000000000000026561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.062{ec2a2542-2928-6254-68f2-b267e0550000}2739/bin/dashroot
154100x800000000000000026566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.063{ec2a2542-2928-6254-6892-b2e218560000}2741/bin/dash-----/bin/sh /usr/lib/update-notifier/update-motd-fsck-at-reboot/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
534500x800000000000000026565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.063{ec2a2542-2928-6254-6832-cd0b06560000}2737/bin/dashroot
154100x800000000000000026564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.063{ec2a2542-2928-6254-6812-5b393d560000}2741/bin/dash-----/bin/sh /etc/update-motd.d/98-fsck-at-reboot/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
154100x800000000000000026571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.064{ec2a2542-2928-6254-086f-49ae0c560000}2743/bin/date-----date -d now - 6454.59 seconds +%s/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-6812-5b393d560000}2741/bin/dash/bin/shroot
534500x800000000000000026568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.064{ec2a2542-2928-6254-8814-030fb1550000}2742/usr/bin/statroot
154100x800000000000000026567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.064{ec2a2542-2928-6254-8814-030fb1550000}2742/usr/bin/stat-----stat -c %Y /var/lib/update-notifier/fsck-at-reboot/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-6812-5b393d560000}2741/bin/dash/bin/shroot
154100x800000000000000026569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.065{ec2a2542-2928-6254-f07c-539497550000}2744/usr/bin/gawk-----awk {print $1} /proc/uptime/root{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2743---
534500x800000000000000026570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.066{ec2a2542-2928-6254-f07c-539497550000}2744/usr/bin/gawkroot
154100x800000000000000026573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.067{ec2a2542-2928-6254-08df-dad52c560000}2745/bin/date-----date +%s/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-6812-5b393d560000}2741/bin/dash/bin/shroot
534500x800000000000000026572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.067{ec2a2542-2928-6254-086f-49ae0c560000}2743/bin/dateroot
534500x800000000000000026576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.069{ec2a2542-2928-6254-d0e9-6f9139560000}2746/bin/catroot
154100x800000000000000026575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.069{ec2a2542-2928-6254-d0e9-6f9139560000}2746/bin/cat-----cat /var/lib/update-notifier/fsck-at-reboot/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2928-6254-6812-5b393d560000}2741/bin/dash/bin/shroot
534500x800000000000000026574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.069{ec2a2542-2928-6254-08df-dad52c560000}2745/bin/dateroot
154100x800000000000000026579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.070{ec2a2542-2928-6254-6862-e3a669550000}2747/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-reboot-required/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
154100x800000000000000026578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.070{ec2a2542-2928-6254-6872-c0316c550000}2747/bin/dash-----/bin/sh /etc/update-motd.d/98-reboot-required/root{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/env/usr/bin/envroot
534500x800000000000000026577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.070{ec2a2542-2928-6254-6812-5b393d560000}2741/bin/dashroot
534500x800000000000000026582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.071{ec2a2542-2927-6254-781c-f9d7ed550000}2685/usr/bin/envroot
534500x800000000000000026581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.071{ec2a2542-2927-6254-68f2-d1a948560000}2684/bin/dashroot
534500x800000000000000026580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.071{ec2a2542-2928-6254-6872-c0316c550000}2747/bin/dashroot
154100x800000000000000026583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.426{ec2a2542-2928-6254-0834-066f98550000}2749/bin/bash------bash/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{00000000-0000-0000-0000-000000000000}2748---
154100x800000000000000026584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.433{ec2a2542-2928-6254-881e-2f5034560000}2751/usr/bin/locale-check-----/usr/bin/locale-check C.UTF-8/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{00000000-0000-0000-0000-000000000000}2750---
534500x800000000000000026586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.435{00000000-0000-0000-0000-000000000000}2750<unknown process>ubuntu
534500x800000000000000026585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.435{ec2a2542-2928-6254-881e-2f5034560000}2751/usr/bin/locale-checkubuntu
154100x800000000000000026587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.438{ec2a2542-2928-6254-3040-64d279550000}2752/usr/bin/locale-----locale/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{ec2a2542-2928-6254-0834-066f98550000}2749/bin/bash-bashubuntu
534500x800000000000000026588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.440{ec2a2542-2928-6254-3040-64d279550000}2752/usr/bin/localeubuntu
534500x800000000000000026589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.442{00000000-0000-0000-0000-000000000000}2753<unknown process>ubuntu
154100x800000000000000026590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.472{ec2a2542-2928-6254-6892-373439560000}2755/bin/dash-----/bin/sh /usr/bin/lesspipe/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{00000000-0000-0000-0000-000000000000}2754---
154100x800000000000000026591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.474{ec2a2542-2928-6254-e8eb-02d3ea550000}2756/usr/bin/basename-----basename /usr/bin/lesspipe/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{ec2a2542-2928-6254-6892-373439560000}2755/bin/dash/bin/shubuntu
154100x800000000000000026593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.476{ec2a2542-2928-6254-e8c8-48bf52560000}2758/usr/bin/dirname-----dirname /usr/bin/lesspipe/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{00000000-0000-0000-0000-000000000000}2757---
534500x800000000000000026592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.476{ec2a2542-2928-6254-e8eb-02d3ea550000}2756/usr/bin/basenameubuntu
534500x800000000000000026596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.477{ec2a2542-2928-6254-6892-373439560000}2755/bin/dashubuntu
534500x800000000000000026595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.477{00000000-0000-0000-0000-000000000000}2757<unknown process>ubuntu
534500x800000000000000026594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.477{ec2a2542-2928-6254-e8c8-48bf52560000}2758/usr/bin/dirnameubuntu
534500x800000000000000026597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.478{00000000-0000-0000-0000-000000000000}2754<unknown process>ubuntu
154100x800000000000000026598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.479{ec2a2542-2928-6254-4889-88f823560000}2760/usr/bin/dircolors-----dircolors -b/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{00000000-0000-0000-0000-000000000000}2759---
534500x800000000000000026600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.481{ec2a2542-2900-6254-0000-000000000000}2759-ubuntu
534500x800000000000000026599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:08.481{ec2a2542-2928-6254-4889-88f823560000}2760/usr/bin/dircolorsubuntu
354300x800000000000000026601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:12.691{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54704-false10.0.1.12-8000-
154100x800000000000000026602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:16.889{ec2a2542-2930-6254-80f2-ce6b9c550000}2761/bin/nano-----nano installmips.sh/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{ec2a2542-2928-6254-0834-066f98550000}2749/bin/bash-bashubuntu
354300x800000000000000026603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:17.827{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54706-false10.0.1.12-8000-
23542300x800000000000000026604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:22.240{ec2a2542-2930-6254-80f2-ce6b9c550000}2761ubuntu/bin/nano/home/ubuntu/./.installmips.sh.swp---
354300x800000000000000026605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:23.322{ec2a2542-1080-6254-602c-d54703560000}1780/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-34418-false10.0.1.12-8089-
354300x800000000000000026606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:23.627{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54710-false10.0.1.12-8000-
354300x800000000000000026607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:28.694{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54712-false10.0.1.12-8000-
23542300x800000000000000026608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:31.825{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log---
354300x800000000000000026609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:33.803{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54714-false10.0.1.12-8000-
154100x800000000000000026610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:36.748{ec2a2542-2944-6254-68c4-3429e0550000}2762/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec2a2542-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}938---
534500x800000000000000026611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:36.759{ec2a2542-2944-6254-68c4-3429e0550000}2762/bin/psroot
354300x800000000000000026612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:38.810{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54716-false10.0.1.12-8000-
354300x800000000000000026613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:44.800{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54718-false10.0.1.12-8000-
354300x800000000000000026614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:49.830{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54720-false10.0.1.12-8000-
354300x800000000000000026615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:12:55.770{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54722-false10.0.1.12-8000-
354300x800000000000000026616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:01.611{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54724-false10.0.1.12-8000-
23542300x800000000000000026617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:01.815{ec2a2542-1080-6254-602c-d54703560000}1780root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log---
354300x800000000000000026618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:06.680{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54726-false10.0.1.12-8000-
534500x800000000000000026620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:07.122{ec2a2542-2930-6254-80f2-ce6b9c550000}2761/bin/nanoubuntu
23542300x800000000000000026619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:07.122{ec2a2542-2930-6254-80f2-ce6b9c550000}2761ubuntu/bin/nano/home/ubuntu/./.installmips.sh.swp---
354300x800000000000000026621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:11.760{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54728-false10.0.1.12-8000-
534500x800000000000000026622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:11.815{00000000-0000-0000-0000-000000000000}2763<unknown process>ubuntu
23542300x800000000000000026624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:11.817{ec2a2542-2928-6254-0834-066f98550000}2749ubuntu/bin/bash/tmp/sh-thd.c5aYmu---
534500x800000000000000026623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:11.817{00000000-0000-0000-0000-000000000000}2764<unknown process>ubuntu
154100x800000000000000026625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:12.309{ec2a2542-2968-6254-e011-ab4b93550000}2765/bin/chmod-----chmod 777 installmips.sh/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{ec2a2542-2928-6254-0834-066f98550000}2749/bin/bash-bashubuntu
534500x800000000000000026626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:12.310{ec2a2542-2968-6254-e011-ab4b93550000}2765/bin/chmodubuntu
154100x800000000000000026627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.314{ec2a2542-296b-6254-087e-8fa8c7550000}2767/usr/bin/sudo-----sudo apt-get install gcc-mips-linux-gnu -y/home/ubuntuubuntu{ec2a2542-2929-6254-e803-000000000000}10004no level-{00000000-0000-0000-0000-000000000000}2766---
354300x800000000000000026629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.325{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-40639-false10.0.0.2-53-
354300x800000000000000026628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.325{ec2a2542-296b-6254-087e-8fa8c7550000}2767/usr/bin/sudoubuntuudptruefalse127.0.0.1-55541-false127.0.0.53-53-
354300x800000000000000026630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.326{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-35291-false10.0.0.2-53-
354300x800000000000000026632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.337{ec2a2542-296b-6254-087e-8fa8c7550000}2767/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-55541-
354300x800000000000000026631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.337{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-55541-
354300x800000000000000026634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.340{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-40899-
354300x800000000000000026633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.340{ec2a2542-296b-6254-087e-8fa8c7550000}2767/usr/bin/sudoubuntuudptruefalse127.0.0.1-40899-false127.0.0.53-53-
534500x800000000000000026636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.344{00000000-0000-0000-0000-000000000000}2768<unknown process>root
23542300x800000000000000026635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.344{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue---
154100x800000000000000026637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.345{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-get-----apt-get install gcc-mips-linux-gnu -y/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-087e-8fa8c7550000}2767/usr/bin/sudosudoubuntu
154100x800000000000000026638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.350{ec2a2542-296b-6254-7071-ce890f560000}2770/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot
23542300x800000000000000026640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.353{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.Nryxaf---
534500x800000000000000026639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.353{ec2a2542-296b-6254-7071-ce890f560000}2770/usr/bin/dpkgroot
23542300x800000000000000026641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.363{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.2jg1wq---
23542300x800000000000000026642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.368{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.rARoUB---
23542300x800000000000000026643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.370{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.mDO5hN---
23542300x800000000000000026644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.372{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.tqD5FY---
23542300x800000000000000026645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.377{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.WXnZ49---
23542300x800000000000000026646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.379{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.ZH37tl---
23542300x800000000000000026647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.384{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.QDj8Tw---
23542300x800000000000000026648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.385{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.zoLpkI---
23542300x800000000000000026649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.387{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.ceLVKT---
23542300x800000000000000026650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.388{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.zWOFb5---
23542300x800000000000000026651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.389{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.UHUCCg---
23542300x800000000000000026652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.391{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.B6LM3r---
23542300x800000000000000026653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.392{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.S9ggvD---
23542300x800000000000000026654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.399{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.9v6RXO---
23542300x800000000000000026655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.402{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.s05Sq0---
23542300x800000000000000026656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.403{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/tmp/fileutl.message.xppaUb---
154100x800000000000000026657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.406{ec2a2542-296b-6254-7071-61af85550000}2771/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot
534500x800000000000000026658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.408{ec2a2542-296b-6254-7071-61af85550000}2771/usr/bin/dpkgroot
154100x800000000000000026659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.940{ec2a2542-296b-6254-6822-c99d84550000}2772/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot
154100x800000000000000026669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.943{ec2a2542-296b-6254-e414-9f738f550000}2773/snap/snapd/15177/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-6822-c99d84550000}2772/bin/dash/bin/shroot
154100x800000000000000026660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.943{ec2a2542-296b-6254-7068-d217b1550000}2773/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-6822-c99d84550000}2772/bin/dash/bin/shroot
534500x800000000000000026666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.965{ec2a2542-296b-6254-7068-d217b1550000}2773/usr/bin/snaproot
534500x800000000000000026665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.965{ec2a2542-296b-6254-7068-d217b1550000}2773/usr/bin/snaproot
534500x800000000000000026664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.965{ec2a2542-296b-6254-7068-d217b1550000}2773/usr/bin/snaproot
534500x800000000000000026663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.965{ec2a2542-296b-6254-7068-d217b1550000}2773/usr/bin/snaproot
534500x800000000000000026662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.965{ec2a2542-296b-6254-7068-d217b1550000}2773/usr/bin/snaproot
534500x800000000000000026661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.965{ec2a2542-296b-6254-7068-d217b1550000}2773/usr/bin/snaproot
534500x800000000000000026668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.967{ec2a2542-296b-6254-0000-000000000000}2780-root
23542300x800000000000000026667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:15.967{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue---
534500x800000000000000026675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.662{ec2a2542-296b-6254-e414-9f738f550000}2773/snap/snapd/15177/usr/bin/snaproot
534500x800000000000000026674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.662{ec2a2542-296b-6254-e414-9f738f550000}2773/snap/snapd/15177/usr/bin/snaproot
534500x800000000000000026673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.662{ec2a2542-296b-6254-e414-9f738f550000}2773/snap/snapd/15177/usr/bin/snaproot
534500x800000000000000026672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.662{ec2a2542-296b-6254-e414-9f738f550000}2773/snap/snapd/15177/usr/bin/snaproot
534500x800000000000000026671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.662{ec2a2542-296b-6254-e414-9f738f550000}2773/snap/snapd/15177/usr/bin/snaproot
534500x800000000000000026670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.662{ec2a2542-296b-6254-7068-d217b1550000}2773/usr/bin/snaproot
534500x800000000000000026676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.665{ec2a2542-296b-6254-e414-9f738f550000}2773/snap/snapd/15177/usr/bin/snaproot
154100x800000000000000026678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.668{ec2a2542-296c-6254-68e2-449013560000}2788/bin/dash-----sh -c [ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke || true/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2787---
534500x800000000000000026677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.668{ec2a2542-296b-6254-6822-c99d84550000}2772/bin/dashroot
154100x800000000000000026679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.672{ec2a2542-296c-6254-ea8e-022e65550000}2789/usr/lib/ubuntu-advantage/apt-esm-hook-----/usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke/tmproot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296c-6254-68e2-449013560000}2788/bin/dashshroot
534500x800000000000000026682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.680{ec2a2542-296b-6254-0000-000000000000}2787-root
534500x800000000000000026681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.680{ec2a2542-296c-6254-68e2-449013560000}2788/bin/dashroot
534500x800000000000000026680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.680{ec2a2542-296c-6254-ea8e-022e65550000}2789/usr/lib/ubuntu-advantage/apt-esm-hookroot
154100x800000000000000026685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.720{ec2a2542-296c-6254-b993-efa628560000}2791/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot
534500x800000000000000026684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.721{ec2a2542-296c-6254-0000-000000000000}2790-root
23542300x800000000000000026683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.721{ec2a2542-0ff8-6254-f8ad-704b96550000}485root/lib/systemd/systemd-udevd/run/udev/queue---
534500x800000000000000026686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.726{ec2a2542-296c-6254-b993-efa628560000}2791/usr/lib/apt/methods/httproot
154100x800000000000000026687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.768{ec2a2542-296c-6254-6812-ebdb7c550000}2792/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot
154100x800000000000000026697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.770{ec2a2542-296c-6254-e414-f4c48f550000}2793/snap/snapd/15177/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296c-6254-6812-ebdb7c550000}2792/bin/dash/bin/shroot
154100x800000000000000026688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.770{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296c-6254-6812-ebdb7c550000}2792/bin/dash/bin/shroot
354300x800000000000000026689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.783{ec2a2542-1087-6254-d9ff-4d0400000000}1853/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54730-false10.0.1.12-8000-
534500x800000000000000026696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.789{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snaproot
534500x800000000000000026695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.789{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snaproot
534500x800000000000000026694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.789{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snaproot
534500x800000000000000026693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.789{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snaproot
534500x800000000000000026692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.789{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snaproot
534500x800000000000000026691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.789{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snaproot
534500x800000000000000026690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.789{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snaproot
534500x800000000000000026704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.811{ec2a2542-296c-6254-e414-f4c48f550000}2793/snap/snapd/15177/usr/bin/snaproot
534500x800000000000000026703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.811{ec2a2542-296c-6254-e414-f4c48f550000}2793/snap/snapd/15177/usr/bin/snaproot
534500x800000000000000026702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.811{ec2a2542-296c-6254-e414-f4c48f550000}2793/snap/snapd/15177/usr/bin/snaproot
534500x800000000000000026701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.811{ec2a2542-296c-6254-e414-f4c48f550000}2793/snap/snapd/15177/usr/bin/snaproot
534500x800000000000000026700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.811{ec2a2542-296c-6254-e414-f4c48f550000}2793/snap/snapd/15177/usr/bin/snaproot
534500x800000000000000026699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.811{ec2a2542-296c-6254-e414-f4c48f550000}2793/snap/snapd/15177/usr/bin/snaproot
534500x800000000000000026698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.811{ec2a2542-296c-6254-7068-189610560000}2793/usr/bin/snaproot
534500x800000000000000026706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.813{ec2a2542-296c-6254-6812-ebdb7c550000}2792/bin/dashroot
534500x800000000000000026705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.813{ec2a2542-296c-6254-e414-f4c48f550000}2793/snap/snapd/15177/usr/bin/snaproot
154100x800000000000000026707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.820{ec2a2542-296c-6254-68c2-d56785550000}2808/bin/dash-----/bin/sh -c [ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot
154100x800000000000000026716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.821{ec2a2542-296c-6254-e4e4-63f6fd550000}2809/snap/snapd/15177/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296c-6254-68c2-d56785550000}2808/bin/dash/bin/shroot
154100x800000000000000026708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.821{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snap-----/usr/bin/snap advise-snap --from-apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296c-6254-68c2-d56785550000}2808/bin/dash/bin/shroot
534500x800000000000000026715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.838{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snaproot
534500x800000000000000026714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.838{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snaproot
534500x800000000000000026713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.838{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snaproot
534500x800000000000000026712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.838{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snaproot
534500x800000000000000026711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.838{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snaproot
534500x800000000000000026710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.838{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snaproot
534500x800000000000000026709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.838{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snaproot
534500x800000000000000026722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.867{ec2a2542-296c-6254-e4e4-63f6fd550000}2809/snap/snapd/15177/usr/bin/snaproot
534500x800000000000000026721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.867{ec2a2542-296c-6254-e4e4-63f6fd550000}2809/snap/snapd/15177/usr/bin/snaproot
534500x800000000000000026720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.867{ec2a2542-296c-6254-e4e4-63f6fd550000}2809/snap/snapd/15177/usr/bin/snaproot
534500x800000000000000026719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.867{ec2a2542-296c-6254-e4e4-63f6fd550000}2809/snap/snapd/15177/usr/bin/snaproot
534500x800000000000000026718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.867{ec2a2542-296c-6254-e4e4-63f6fd550000}2809/snap/snapd/15177/usr/bin/snaproot
534500x800000000000000026717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.867{ec2a2542-296c-6254-7018-a8f9b4550000}2809/usr/bin/snaproot
534500x800000000000000026723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.868{ec2a2542-296c-6254-e4e4-63f6fd550000}2809/snap/snapd/15177/usr/bin/snaproot
23542300x800000000000000026733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.U0Qmar---
23542300x800000000000000026732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.f4kZGb---
23542300x800000000000000026731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.2UbCdW---
23542300x800000000000000026730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.5RmfKG---
23542300x800000000000000026729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.CGYSgr---
23542300x800000000000000026728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.J9VwNb---
23542300x800000000000000026727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.S0bbkW---
23542300x800000000000000026726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.nrLPQG---
23542300x800000000000000026725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.aOFunr---
534500x800000000000000026724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.869{ec2a2542-296c-6254-68c2-d56785550000}2808/bin/dashroot
23542300x800000000000000026743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.ShHuUV---
23542300x800000000000000026742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.n7B3qG---
23542300x800000000000000026741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.uvTCXq---
23542300x800000000000000026740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.Voxcub---
23542300x800000000000000026739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.iFrM0V---
23542300x800000000000000026738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.9XEmxG---
23542300x800000000000000026737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.ssaX3q---
23542300x800000000000000026736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.zXXxAb---
23542300x800000000000000026735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.sF786V---
23542300x800000000000000026734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.870{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/cache/apt/archives/partial/.apt-acquire-privs-test.HSFKDG---
154100x800000000000000026744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.873{ec2a2542-296c-6254-b903-9a20ce550000}2823/usr/lib/apt/methods/http-----/usr/lib/apt/methods/http/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot
354300x800000000000000026746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.888{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-45880-false10.0.0.2-53-
354300x800000000000000026745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.888{ec2a2542-296c-6254-b903-9a20ce550000}2823/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-45144-false127.0.0.53-53-
354300x800000000000000026747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.889{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-45144-
354300x800000000000000026750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.890{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-50248-false10.0.0.2-53-
354300x800000000000000026749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.890{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-44728-false10.0.0.2-53-
354300x800000000000000026748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.890{ec2a2542-296c-6254-b903-9a20ce550000}2823/usr/lib/apt/methods/httprootudptruefalse127.0.0.1-42486-false127.0.0.53-53-
354300x800000000000000026751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.891{ec2a2542-0ff9-6254-c097-bd9a19560000}737/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-42486-
354300x800000000000000026752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:16.892{ec2a2542-296c-6254-b903-9a20ce550000}2823/usr/lib/apt/methods/httproottcptruefalse10.0.1.20-41416-false52.15.155.232-80-
534500x800000000000000026753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.486{ec2a2542-296c-6254-b903-9a20ce550000}2823/usr/lib/apt/methods/http_apt
23542300x800000000000000026754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.487{ec2a2542-296b-6254-ccaf-57779a550000}2769root/usr/bin/apt-get/var/log/apt/eipp.log.xz---
154100x800000000000000026755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.592{ec2a2542-296d-6254-6892-ad2059550000}2824/bin/dash-----/bin/sh -c /usr/sbin/dpkg-preconfigure --apt || true/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot
154100x800000000000000026756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.594{ec2a2542-296d-6254-9807-8a42d8550000}2825/usr/bin/perl-----/usr/bin/perl -w /usr/sbin/dpkg-preconfigure --apt/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-6892-ad2059550000}2824/bin/dash/bin/shroot
154100x800000000000000026757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.691{ec2a2542-296d-6254-30b0-40bcef550000}2826/usr/bin/locale-----locale charmap/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-9807-8a42d8550000}2825/usr/bin/perl/usr/bin/perlroot
534500x800000000000000026758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.693{ec2a2542-296d-6254-30b0-40bcef550000}2826/usr/bin/localeroot
154100x800000000000000026759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.850{ec2a2542-296d-6254-6892-3b4764550000}2827/bin/dash-----sh -c stty -a 2>/dev/null/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-9807-8a42d8550000}2825/usr/bin/perl/usr/bin/perlroot
154100x800000000000000026760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.852{ec2a2542-296d-6254-f0ae-b1eb01560000}2828/bin/stty-----stty -a/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-6892-3b4764550000}2827/bin/dashshroot
154100x800000000000000026763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.855{ec2a2542-296d-6254-6842-7814ba550000}2829/bin/dash-----sh -c stty -a 2>/dev/null/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-9807-8a42d8550000}2825/usr/bin/perl/usr/bin/perlroot
534500x800000000000000026762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.855{ec2a2542-296d-6254-6892-3b4764550000}2827/bin/dashroot
534500x800000000000000026761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.855{ec2a2542-296d-6254-f0ae-b1eb01560000}2828/bin/sttyroot
154100x800000000000000026764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.856{ec2a2542-296d-6254-f00e-448cbe550000}2830/bin/stty-----stty -a/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-6842-7814ba550000}2829/bin/dashshroot
534500x800000000000000026766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.857{ec2a2542-296d-6254-6842-7814ba550000}2829/bin/dashroot
534500x800000000000000026765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.857{ec2a2542-296d-6254-f00e-448cbe550000}2830/bin/sttyroot
154100x800000000000000026767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.861{ec2a2542-296d-6254-3371-438137560000}2832/usr/bin/apt-extracttemplates-----apt-extracttemplates /var/cache/apt/archives/binutils-common_2.30-21ubuntu1~18.04.7_amd64.deb /var/cache/apt/archives/gcc-7-mips-linux-gnu-base_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/cache/apt/archives/libisl19_0.19-1_amd64.deb /var/cache/apt/archives/libmpc3_1.1.0-1_amd64.deb /var/cache/apt/archives/cpp-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/cache/apt/archives/cpp-mips-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb /var/cache/apt/archives/gcc-8-cross-base-ports_8.4.0-1ubuntu1~18.04cross1_all.deb /var/cache/apt/archives/libcc1-0_8.4.0-1ubuntu1~18.04_amd64.deb /var/cache/apt/archives/binutils-mips-linux-gnu_2.30-21ubuntu1~18.04.7_amd64.deb /var/cache/apt/archives/gcc-7-cross-base-ports_7.5.0-3ubuntu1~18.04cross1_all.deb /var/cache/apt/archives/libc6-mips-cross_2.27-3ubuntu1cross1.2_all.deb /var/cache/apt/archives/libgcc1-mips-cross_1%3a8.4.0-1ubuntu1~18.04cross1_all.deb /var/cache/apt/archives/libgomp1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb /var/cache/apt/archives/libatomic1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb /var/cache/apt/archives/libgcc-7-dev-mips-cross_7.5.0-3ubuntu1~18.04cross1_all.deb /var/cache/apt/archives/gcc-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/cache/apt/archives/gcc-mips-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb /var/cache/apt/archives/linux-libc-dev-mips-cross_4.15.0-35.38cross1.2_all.deb /var/cache/apt/archives/libc6-dev-mips-cross_2.27-3ubuntu1cross1.2_all.deb/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{00000000-0000-0000-0000-000000000000}2831---
154100x800000000000000026768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.869{ec2a2542-296d-6254-70a1-ffe5ac550000}2833/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-3371-438137560000}2832/usr/bin/apt-extracttemplatesapt-extracttemplatesroot
23542300x800000000000000026770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.871{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.NM7v9K---
534500x800000000000000026769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.871{ec2a2542-296d-6254-70a1-ffe5ac550000}2833/usr/bin/dpkgroot
23542300x800000000000000026771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.876{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.RAIfn3---
23542300x800000000000000026772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.881{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.N1ZIBl---
23542300x800000000000000026773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.883{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.RBDxQD---
23542300x800000000000000026774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.884{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.vHXC5V---
23542300x800000000000000026775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.889{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.jIFrle---
23542300x800000000000000026776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.890{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.huLwBw---
23542300x800000000000000026777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.895{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.PdxlSO---
23542300x800000000000000026778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.896{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.fGsq96---
23542300x800000000000000026779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.898{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.JDkKqp---
23542300x800000000000000026780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.899{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.7y3hIH---
23542300x800000000000000026781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.900{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.F163ZZ---
23542300x800000000000000026782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.902{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.NEh6hi---
23542300x800000000000000026783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.904{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.9CfsAA---
23542300x800000000000000026784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.906{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.lDPdTS---
23542300x800000000000000026785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.908{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.jBkfcb---
23542300x800000000000000026786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.909{ec2a2542-296d-6254-3371-438137560000}2832root/usr/bin/apt-extracttemplates/tmp/fileutl.message.LIyzvt---
154100x800000000000000026787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.910{ec2a2542-296d-6254-7041-435ddf550000}2834/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-3371-438137560000}2832/usr/bin/apt-extracttemplatesapt-extracttemplatesroot
534500x800000000000000026788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.912{ec2a2542-296d-6254-7041-435ddf550000}2834/usr/bin/dpkgroot
154100x800000000000000026789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.944{ec2a2542-296d-6254-70c1-2edd24560000}2835/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296d-6254-3371-438137560000}2832/usr/bin/apt-extracttemplatesapt-extracttemplatesroot
534500x800000000000000026790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.946{ec2a2542-296d-6254-70c1-2edd24560000}2835/usr/bin/dpkgroot
534500x800000000000000026791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.988{ec2a2542-296d-6254-3371-438137560000}2832/usr/bin/apt-extracttemplatesroot
534500x800000000000000026792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:17.996{ec2a2542-296d-6254-0000-000000000000}2831-root
534500x800000000000000026794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.002{ec2a2542-296d-6254-6892-ad2059550000}2824/bin/dashroot
534500x800000000000000026793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.002{ec2a2542-296d-6254-9807-8a42d8550000}2825/usr/bin/perlroot
154100x800000000000000026795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.026{ec2a2542-296e-6254-7051-8b9624560000}2836/usr/bin/dpkg-----/usr/bin/dpkg --assert-multi-arch/home/ubunturoot{ec2a2542-0000-0000-0000-000000000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot
534500x800000000000000026796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.036{ec2a2542-296e-6254-7051-8b9624560000}2836/usr/bin/dpkgroot
154100x800000000000000026797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.038{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg-----/usr/bin/dpkg --status-fd 43 --no-triggers --unpack --auto-deconfigure --recursive /tmp/apt-dpkg-install-qCjo8w/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296b-6254-ccaf-57779a550000}2769/usr/bin/apt-getapt-getroot
154100x800000000000000026798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.055{ec2a2542-296e-6254-d86f-ed2cb0550000}2838/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/00-binutils-common_2.30-21ubuntu1~18.04.7_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.058{ec2a2542-296e-6254-d86f-ed2cb0550000}2838/usr/bin/dpkg-splitroot
154100x800000000000000026800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.059{ec2a2542-296e-6254-404a-6f3dcb550000}2839/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/00-binutils-common_2.30-21ubuntu1~18.04.7_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000026803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.062{ec2a2542-296e-6254-b0d3-bc62f3550000}2842/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-404a-6f3dcb550000}2839/usr/bin/dpkg-debdpkg-debroot
534500x800000000000000026801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.062{ec2a2542-296e-6254-0000-000000000000}2840-root
534500x800000000000000026802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.063{ec2a2542-296e-6254-0000-000000000000}2841-root
534500x800000000000000026804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.067{ec2a2542-296e-6254-b0d3-bc62f3550000}2842/bin/tarroot
534500x800000000000000026805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.068{ec2a2542-296e-6254-404a-6f3dcb550000}2839/usr/bin/dpkg-debroot
154100x800000000000000026806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.406{ec2a2542-296e-6254-40aa-dc55a4550000}2843/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/00-binutils-common_2.30-21ubuntu1~18.04.7_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.424{ec2a2542-296e-6254-0000-000000000000}2844-root
534500x800000000000000026808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.431{ec2a2542-296e-6254-0000-000000000000}2845-root
534500x800000000000000026809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.432{ec2a2542-296e-6254-40aa-dc55a4550000}2843/usr/bin/dpkg-debroot
154100x800000000000000026810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.481{ec2a2542-296e-6254-7033-2fb838560000}2846/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.482{ec2a2542-296e-6254-7033-2fb838560000}2846/bin/rmroot
23542300x800000000000000026811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.482{ec2a2542-296e-6254-7033-2fb838560000}2846root/bin/rm/var/lib/dpkg/tmp.ci/control---
154100x800000000000000026813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.483{ec2a2542-296e-6254-d8cf-ffe62e560000}2847/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/01-gcc-7-mips-linux-gnu-base_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000026815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.484{ec2a2542-296e-6254-405a-639fa0550000}2848/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/01-gcc-7-mips-linux-gnu-base_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.484{ec2a2542-296e-6254-d8cf-ffe62e560000}2847/usr/bin/dpkg-splitroot
154100x800000000000000026817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.486{ec2a2542-296e-6254-b023-a7d6ac550000}2851/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-405a-639fa0550000}2848/usr/bin/dpkg-debdpkg-debroot
534500x800000000000000026816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.486{ec2a2542-296e-6254-0000-000000000000}2849-root
534500x800000000000000026818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.487{ec2a2542-296e-6254-0000-000000000000}2850-root
534500x800000000000000026819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.489{ec2a2542-296e-6254-b023-a7d6ac550000}2851/bin/tarroot
534500x800000000000000026820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.490{ec2a2542-296e-6254-405a-639fa0550000}2848/usr/bin/dpkg-debroot
154100x800000000000000026821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.507{ec2a2542-296e-6254-40ea-b89275550000}2852/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/01-gcc-7-mips-linux-gnu-base_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.509{ec2a2542-296e-6254-0000-000000000000}2853-root
534500x800000000000000026823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.512{ec2a2542-296e-6254-0000-000000000000}2854-root
534500x800000000000000026824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.513{ec2a2542-296e-6254-40ea-b89275550000}2852/usr/bin/dpkg-debroot
154100x800000000000000026825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.529{ec2a2542-296e-6254-7073-52a421560000}2855/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
23542300x800000000000000026826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.530{ec2a2542-296e-6254-7073-52a421560000}2855root/bin/rm/var/lib/dpkg/tmp.ci/control---
154100x800000000000000026828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.531{ec2a2542-296e-6254-d82f-057a08560000}2856/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/02-libisl19_0.19-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.531{ec2a2542-296e-6254-7073-52a421560000}2855/bin/rmroot
534500x800000000000000026829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.532{ec2a2542-296e-6254-d82f-057a08560000}2856/usr/bin/dpkg-splitroot
154100x800000000000000026830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.533{ec2a2542-296e-6254-40aa-638b97550000}2857/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/02-libisl19_0.19-1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000026832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.534{ec2a2542-296e-6254-b083-f58053560000}2860/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-40aa-638b97550000}2857/usr/bin/dpkg-debdpkg-debroot
534500x800000000000000026831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.534{ec2a2542-296e-6254-0000-000000000000}2858-root
534500x800000000000000026833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.538{ec2a2542-296e-6254-0000-000000000000}2859-root
534500x800000000000000026835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.539{ec2a2542-296e-6254-40aa-638b97550000}2857/usr/bin/dpkg-debroot
534500x800000000000000026834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.539{ec2a2542-296e-6254-b083-f58053560000}2860/bin/tarroot
154100x800000000000000026836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.568{ec2a2542-296e-6254-406a-1cda94550000}2861/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/02-libisl19_0.19-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.619{ec2a2542-296e-6254-0000-000000000000}2862-root
534500x800000000000000026839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.629{ec2a2542-296e-6254-406a-1cda94550000}2861/usr/bin/dpkg-debroot
534500x800000000000000026838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.629{00000000-0000-0000-0000-000000000000}2863<unknown process>root
154100x800000000000000026840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.668{ec2a2542-296e-6254-70b3-253d2b560000}2864/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.669{ec2a2542-296e-6254-70b3-253d2b560000}2864/bin/rmroot
23542300x800000000000000026841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.669{ec2a2542-296e-6254-70b3-253d2b560000}2864root/bin/rm/var/lib/dpkg/tmp.ci/control---
154100x800000000000000026843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.670{ec2a2542-296e-6254-d89f-8a74b4550000}2865/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/03-libmpc3_1.1.0-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.671{ec2a2542-296e-6254-d89f-8a74b4550000}2865/usr/bin/dpkg-splitroot
154100x800000000000000026845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.672{ec2a2542-296e-6254-40da-5dc575550000}2866/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/03-libmpc3_1.1.0-1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000026847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.674{ec2a2542-296e-6254-b093-982e39560000}2869/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-40da-5dc575550000}2866/usr/bin/dpkg-debdpkg-debroot
534500x800000000000000026846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.674{ec2a2542-296e-6254-0000-000000000000}2867-root
534500x800000000000000026848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.676{ec2a2542-296e-6254-0000-000000000000}2868-root
534500x800000000000000026850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.677{ec2a2542-296e-6254-40da-5dc575550000}2866/usr/bin/dpkg-debroot
534500x800000000000000026849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.677{ec2a2542-296e-6254-b093-982e39560000}2869/bin/tarroot
154100x800000000000000026851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.702{ec2a2542-296e-6254-401a-4ef791550000}2870/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/03-libmpc3_1.1.0-1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.705{ec2a2542-296e-6254-0000-000000000000}2871-root
534500x800000000000000026854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.710{ec2a2542-296e-6254-401a-4ef791550000}2870/usr/bin/dpkg-debroot
534500x800000000000000026853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.710{00000000-0000-0000-0000-000000000000}2872<unknown process>root
154100x800000000000000026855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.729{ec2a2542-296e-6254-70b3-9d6f73550000}2873/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000026858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.731{ec2a2542-296e-6254-d89f-b1522a560000}2874/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/04-cpp-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.731{ec2a2542-296e-6254-70b3-9d6f73550000}2873/bin/rmroot
23542300x800000000000000026856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.731{ec2a2542-296e-6254-70b3-9d6f73550000}2873root/bin/rm/var/lib/dpkg/tmp.ci/control---
534500x800000000000000026859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.732{ec2a2542-296e-6254-d89f-b1522a560000}2874/usr/bin/dpkg-splitroot
154100x800000000000000026860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.733{ec2a2542-296e-6254-40ea-2e2c4d560000}2875/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/04-cpp-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000026861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.734{ec2a2542-296e-6254-b073-821964550000}2878/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-40ea-2e2c4d560000}2875/usr/bin/dpkg-debdpkg-debroot
534500x800000000000000026862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.735{ec2a2542-296e-6254-0000-000000000000}2876-root
534500x800000000000000026863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.736{ec2a2542-296e-6254-0000-000000000000}2877-root
534500x800000000000000026864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.737{ec2a2542-296e-6254-b073-821964550000}2878/bin/tarroot
534500x800000000000000026865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.738{ec2a2542-296e-6254-40ea-2e2c4d560000}2875/usr/bin/dpkg-debroot
154100x800000000000000026866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.753{ec2a2542-296e-6254-6802-1eea4f560000}2879/bin/dash-----/bin/sh /var/lib/dpkg/tmp.ci/preinst install/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.754{ec2a2542-296e-6254-6802-1eea4f560000}2879/bin/dashroot
154100x800000000000000026868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:18.755{ec2a2542-296e-6254-409a-87c938560000}2880/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/04-cpp-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.317{ec2a2542-296e-6254-0000-000000000000}2881-root
534500x800000000000000026871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.326{ec2a2542-296e-6254-409a-87c938560000}2880/usr/bin/dpkg-debroot
534500x800000000000000026870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.326{00000000-0000-0000-0000-000000000000}2882<unknown process>root
154100x800000000000000026872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.410{ec2a2542-296f-6254-70c3-49017b550000}2883/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
23542300x800000000000000026873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.411{ec2a2542-296f-6254-70c3-49017b550000}2883root/bin/rm/var/lib/dpkg/tmp.ci/control---
154100x800000000000000026875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.412{ec2a2542-296f-6254-d86f-17024a560000}2884/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/05-cpp-mips-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.412{ec2a2542-296f-6254-70c3-49017b550000}2883/bin/rmroot
534500x800000000000000026876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.413{ec2a2542-296f-6254-d86f-17024a560000}2884/usr/bin/dpkg-splitroot
154100x800000000000000026877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.414{ec2a2542-296f-6254-40ca-41ec31560000}2885/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/05-cpp-mips-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000026879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.415{ec2a2542-296f-6254-b093-b0e8ce550000}2888/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296f-6254-40ca-41ec31560000}2885/usr/bin/dpkg-debdpkg-debroot
534500x800000000000000026878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.415{ec2a2542-296f-6254-0000-000000000000}2886-root
534500x800000000000000026880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.416{ec2a2542-296f-6254-0000-000000000000}2887-root
534500x800000000000000026882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.418{ec2a2542-296f-6254-40ca-41ec31560000}2885/usr/bin/dpkg-debroot
534500x800000000000000026881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.418{ec2a2542-296f-6254-b093-b0e8ce550000}2888/bin/tarroot
154100x800000000000000026883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.433{ec2a2542-296f-6254-40ca-5a4a7e550000}2889/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/05-cpp-mips-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.435{ec2a2542-296f-6254-0000-000000000000}2890-root
534500x800000000000000026886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.436{ec2a2542-296f-6254-40ca-5a4a7e550000}2889/usr/bin/dpkg-debroot
534500x800000000000000026885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.436{00000000-0000-0000-0000-000000000000}2891<unknown process>root
154100x800000000000000026887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.455{ec2a2542-296f-6254-7033-c52ce9550000}2892/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000026890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.457{ec2a2542-296f-6254-d8df-79ad11560000}2893/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/06-gcc-8-cross-base-ports_8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.457{ec2a2542-296f-6254-7033-c52ce9550000}2892/bin/rmroot
23542300x800000000000000026888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.457{ec2a2542-296f-6254-7033-c52ce9550000}2892root/bin/rm/var/lib/dpkg/tmp.ci/control---
154100x800000000000000026892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.458{ec2a2542-296f-6254-40ea-a70648560000}2894/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/06-gcc-8-cross-base-ports_8.4.0-1ubuntu1~18.04cross1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.458{ec2a2542-296f-6254-d8df-79ad11560000}2893/usr/bin/dpkg-splitroot
154100x800000000000000026894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.461{ec2a2542-296f-6254-b0d3-26ffe2550000}2897/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296f-6254-40ea-a70648560000}2894/usr/bin/dpkg-debdpkg-debroot
534500x800000000000000026893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.461{ec2a2542-296f-6254-0000-000000000000}2895-root
534500x800000000000000026895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.462{ec2a2542-296f-6254-0000-000000000000}2896-root
534500x800000000000000026897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.463{ec2a2542-296f-6254-40ea-a70648560000}2894/usr/bin/dpkg-debroot
534500x800000000000000026896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.463{ec2a2542-296f-6254-b0d3-26ffe2550000}2897/bin/tarroot
154100x800000000000000026898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.481{ec2a2542-296f-6254-402a-6a0fe7550000}2898/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/06-gcc-8-cross-base-ports_8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.483{ec2a2542-296f-6254-0000-000000000000}2899-root
534500x800000000000000026900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.485{00000000-0000-0000-0000-000000000000}2900<unknown process>root
534500x800000000000000026901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.486{ec2a2542-296f-6254-402a-6a0fe7550000}2898/usr/bin/dpkg-debroot
154100x800000000000000026902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.503{ec2a2542-296f-6254-7073-d41670550000}2901/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000026905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.505{ec2a2542-296f-6254-d83f-144f3d560000}2902/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/07-libcc1-0_8.4.0-1ubuntu1~18.04_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.505{ec2a2542-296f-6254-7073-d41670550000}2901/bin/rmroot
23542300x800000000000000026903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.505{ec2a2542-296f-6254-7073-d41670550000}2901root/bin/rm/var/lib/dpkg/tmp.ci/control---
154100x800000000000000026907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.506{ec2a2542-296f-6254-40ea-404c48560000}2903/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/07-libcc1-0_8.4.0-1ubuntu1~18.04_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.506{ec2a2542-296f-6254-d83f-144f3d560000}2902/usr/bin/dpkg-splitroot
154100x800000000000000026908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.508{ec2a2542-296f-6254-b0d3-9d7468550000}2906/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296f-6254-40ea-404c48560000}2903/usr/bin/dpkg-debdpkg-debroot
534500x800000000000000026910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.509{ec2a2542-296f-6254-0000-000000000000}2905-root
534500x800000000000000026909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.509{ec2a2542-296f-6254-0000-000000000000}2904-root
534500x800000000000000026911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.510{ec2a2542-296f-6254-b0d3-9d7468550000}2906/bin/tarroot
534500x800000000000000026912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.511{ec2a2542-296f-6254-40ea-404c48560000}2903/usr/bin/dpkg-debroot
154100x800000000000000026913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.533{ec2a2542-296f-6254-403a-ffd9eb550000}2907/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/07-libcc1-0_8.4.0-1ubuntu1~18.04_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.535{ec2a2542-296f-6254-0000-000000000000}2908-root
534500x800000000000000026916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.541{ec2a2542-296f-6254-403a-ffd9eb550000}2907/usr/bin/dpkg-debroot
534500x800000000000000026915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.541{00000000-0000-0000-0000-000000000000}2909<unknown process>root
154100x800000000000000026917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.561{ec2a2542-296f-6254-7053-e2b946560000}2910/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.562{ec2a2542-296f-6254-7053-e2b946560000}2910/bin/rmroot
23542300x800000000000000026918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.562{ec2a2542-296f-6254-7053-e2b946560000}2910root/bin/rm/var/lib/dpkg/tmp.ci/control---
154100x800000000000000026920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.563{ec2a2542-296f-6254-d8cf-244cf6550000}2911/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/08-binutils-mips-linux-gnu_2.30-21ubuntu1~18.04.7_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000026922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.564{ec2a2542-296f-6254-407a-323f25560000}2912/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/08-binutils-mips-linux-gnu_2.30-21ubuntu1~18.04.7_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.564{ec2a2542-296f-6254-d8cf-244cf6550000}2911/usr/bin/dpkg-splitroot
154100x800000000000000026924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.566{ec2a2542-296f-6254-b023-0d527e550000}2915/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296f-6254-407a-323f25560000}2912/usr/bin/dpkg-debdpkg-debroot
534500x800000000000000026923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.566{ec2a2542-296f-6254-0000-000000000000}2913-root
534500x800000000000000026925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.568{ec2a2542-296f-6254-0000-000000000000}2914-root
534500x800000000000000026927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.572{ec2a2542-296f-6254-407a-323f25560000}2912/usr/bin/dpkg-debroot
534500x800000000000000026926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.572{ec2a2542-296f-6254-b023-0d527e550000}2915/bin/tarroot
154100x800000000000000026928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.591{ec2a2542-296f-6254-404a-8f9c50560000}2916/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/08-binutils-mips-linux-gnu_2.30-21ubuntu1~18.04.7_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.940{ec2a2542-296f-6254-0000-000000000000}2917-root
534500x800000000000000026930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.947{00000000-0000-0000-0000-000000000000}2918<unknown process>root
534500x800000000000000026931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.948{ec2a2542-296f-6254-404a-8f9c50560000}2916/usr/bin/dpkg-debroot
154100x800000000000000026932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.984{ec2a2542-296f-6254-7013-e09370550000}2919/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
23542300x800000000000000026933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.985{ec2a2542-296f-6254-7013-e09370550000}2919root/bin/rm/var/lib/dpkg/tmp.ci/control---
154100x800000000000000026935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.986{ec2a2542-296f-6254-d8bf-49c8db550000}2920/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/09-gcc-7-cross-base-ports_7.5.0-3ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.986{ec2a2542-296f-6254-7013-e09370550000}2919/bin/rmroot
154100x800000000000000026937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.987{ec2a2542-296f-6254-40da-f1a485550000}2921/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/09-gcc-7-cross-base-ports_7.5.0-3ubuntu1~18.04cross1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.987{ec2a2542-296f-6254-d8bf-49c8db550000}2920/usr/bin/dpkg-splitroot
154100x800000000000000026940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.989{ec2a2542-296f-6254-b053-2aee61550000}2924/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296f-6254-40da-f1a485550000}2921/usr/bin/dpkg-debdpkg-debroot
534500x800000000000000026938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.989{ec2a2542-296f-6254-0000-000000000000}2922-root
534500x800000000000000026939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.990{ec2a2542-296f-6254-0000-000000000000}2923-root
534500x800000000000000026942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.994{ec2a2542-296f-6254-40da-f1a485550000}2921/usr/bin/dpkg-debroot
534500x800000000000000026941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:19.994{ec2a2542-296f-6254-b053-2aee61550000}2924/bin/tarroot
154100x800000000000000026943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.011{ec2a2542-2970-6254-40aa-c86811560000}2925/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/09-gcc-7-cross-base-ports_7.5.0-3ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.013{ec2a2542-2970-6254-0000-000000000000}2926-root
534500x800000000000000026945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.015{ec2a2542-2970-6254-0000-000000000000}2927-root
534500x800000000000000026946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.016{ec2a2542-2970-6254-40aa-c86811560000}2925/usr/bin/dpkg-debroot
154100x800000000000000026947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.038{ec2a2542-2970-6254-7043-5f49d2550000}2928/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.039{ec2a2542-2970-6254-7043-5f49d2550000}2928/bin/rmroot
23542300x800000000000000026948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.039{ec2a2542-2970-6254-7043-5f49d2550000}2928root/bin/rm/var/lib/dpkg/tmp.ci/control---
154100x800000000000000026950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.041{ec2a2542-2970-6254-d8ef-1ad559550000}2929/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/10-libc6-mips-cross_2.27-3ubuntu1cross1.2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.042{ec2a2542-2970-6254-d8ef-1ad559550000}2929/usr/bin/dpkg-splitroot
154100x800000000000000026952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.043{ec2a2542-2970-6254-404a-a36c2f560000}2930/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/10-libc6-mips-cross_2.27-3ubuntu1cross1.2_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000026954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.044{ec2a2542-2970-6254-b0d3-850fba550000}2933/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2970-6254-404a-a36c2f560000}2930/usr/bin/dpkg-debdpkg-debroot
534500x800000000000000026953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.044{ec2a2542-2970-6254-0000-000000000000}2931-root
534500x800000000000000026955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.046{ec2a2542-2970-6254-0000-000000000000}2932-root
534500x800000000000000026957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.047{ec2a2542-2970-6254-404a-a36c2f560000}2930/usr/bin/dpkg-debroot
534500x800000000000000026956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.047{ec2a2542-2970-6254-b0d3-850fba550000}2933/bin/tarroot
154100x800000000000000026958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.068{ec2a2542-2970-6254-407a-468640560000}2934/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/10-libc6-mips-cross_2.27-3ubuntu1cross1.2_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.179{ec2a2542-2970-6254-0000-000000000000}2935-root
534500x800000000000000026960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.191{ec2a2542-2970-6254-0000-000000000000}2936-root
534500x800000000000000026961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.192{ec2a2542-2970-6254-407a-468640560000}2934/usr/bin/dpkg-debroot
154100x800000000000000026962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.221{ec2a2542-2970-6254-7003-832859550000}2937/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.222{ec2a2542-2970-6254-7003-832859550000}2937/bin/rmroot
23542300x800000000000000026963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.222{ec2a2542-2970-6254-7003-832859550000}2937root/bin/rm/var/lib/dpkg/tmp.ci/control---
154100x800000000000000026965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.223{ec2a2542-2970-6254-d86f-eb04bc550000}2938/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/11-libgcc1-mips-cross_1%3a8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000026967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.224{ec2a2542-2970-6254-407a-4091e0550000}2939/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/11-libgcc1-mips-cross_1%3a8.4.0-1ubuntu1~18.04cross1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.224{ec2a2542-2970-6254-d86f-eb04bc550000}2938/usr/bin/dpkg-splitroot
154100x800000000000000026969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.226{ec2a2542-2970-6254-b0d3-fa365d550000}2942/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2970-6254-407a-4091e0550000}2939/usr/bin/dpkg-debdpkg-debroot
534500x800000000000000026968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.226{ec2a2542-2970-6254-0000-000000000000}2940-root
534500x800000000000000026970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.228{ec2a2542-2970-6254-0000-000000000000}2941-root
534500x800000000000000026972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.229{ec2a2542-2970-6254-407a-4091e0550000}2939/usr/bin/dpkg-debroot
534500x800000000000000026971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.229{ec2a2542-2970-6254-b0d3-fa365d550000}2942/bin/tarroot
154100x800000000000000026973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.249{ec2a2542-2970-6254-404a-c8505c550000}2943/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/11-libgcc1-mips-cross_1%3a8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.250{ec2a2542-2970-6254-0000-000000000000}2944-root
534500x800000000000000026975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.255{00000000-0000-0000-0000-000000000000}2945<unknown process>root
534500x800000000000000026976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.256{ec2a2542-2970-6254-404a-c8505c550000}2943/usr/bin/dpkg-debroot
154100x800000000000000026977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.274{ec2a2542-2970-6254-70d3-e2db68550000}2946/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000026980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.275{ec2a2542-2970-6254-d87f-301216560000}2947/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/12-libgomp1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.275{ec2a2542-2970-6254-70d3-e2db68550000}2946/bin/rmroot
23542300x800000000000000026978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.275{ec2a2542-2970-6254-70d3-e2db68550000}2946root/bin/rm/var/lib/dpkg/tmp.ci/control---
154100x800000000000000026982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.277{ec2a2542-2970-6254-401a-693aa7550000}2948/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/12-libgomp1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.277{ec2a2542-2970-6254-d87f-301216560000}2947/usr/bin/dpkg-splitroot
154100x800000000000000026984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.279{ec2a2542-2970-6254-b0c3-9577dc550000}2951/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2970-6254-401a-693aa7550000}2948/usr/bin/dpkg-debdpkg-debroot
534500x800000000000000026983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.279{ec2a2542-2970-6254-0000-000000000000}2949-root
534500x800000000000000026985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.280{ec2a2542-2970-6254-0000-000000000000}2950-root
534500x800000000000000026987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.281{ec2a2542-2970-6254-401a-693aa7550000}2948/usr/bin/dpkg-debroot
534500x800000000000000026986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.281{ec2a2542-2970-6254-b0c3-9577dc550000}2951/bin/tarroot
154100x800000000000000026988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.299{ec2a2542-2970-6254-40fa-f3109e550000}2952/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/12-libgomp1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.304{ec2a2542-2970-6254-0000-000000000000}2953-root
534500x800000000000000026990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.315{ec2a2542-2970-6254-0000-000000000000}2954-root
534500x800000000000000026991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.316{ec2a2542-2970-6254-40fa-f3109e550000}2952/usr/bin/dpkg-debroot
154100x800000000000000026992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.332{ec2a2542-2970-6254-7033-5cb100560000}2955/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000026995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.333{ec2a2542-2970-6254-d89f-3732db550000}2956/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/13-libatomic1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000026994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.333{ec2a2542-2970-6254-7033-5cb100560000}2955/bin/rmroot
23542300x800000000000000026993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.333{ec2a2542-2970-6254-7033-5cb100560000}2955root/bin/rm/var/lib/dpkg/tmp.ci/control---
534500x800000000000000026996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.338{ec2a2542-2970-6254-d89f-3732db550000}2956/usr/bin/dpkg-splitroot
154100x800000000000000026997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.339{ec2a2542-2970-6254-400a-42bc63550000}2957/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/13-libatomic1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000026999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.341{ec2a2542-2970-6254-b013-b07829560000}2960/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2970-6254-400a-42bc63550000}2957/usr/bin/dpkg-debdpkg-debroot
534500x800000000000000026998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.341{ec2a2542-2970-6254-0000-000000000000}2958-root
534500x800000000000000027000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.342{ec2a2542-2970-6254-0000-000000000000}2959-root
534500x800000000000000027002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.344{ec2a2542-2970-6254-400a-42bc63550000}2957/usr/bin/dpkg-debroot
534500x800000000000000027001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.344{ec2a2542-2970-6254-b013-b07829560000}2960/bin/tarroot
154100x800000000000000027003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.363{ec2a2542-2970-6254-404a-0a05ca550000}2961/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/13-libatomic1-mips-cross_8.4.0-1ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000027004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.365{ec2a2542-2970-6254-0000-000000000000}2962-root
534500x800000000000000027006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.366{ec2a2542-2970-6254-404a-0a05ca550000}2961/usr/bin/dpkg-debroot
534500x800000000000000027005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.366{ec2a2542-2970-6254-0000-000000000000}2963-root
154100x800000000000000027007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.385{ec2a2542-2970-6254-70b3-f83e49560000}2964/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000027010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.387{ec2a2542-2970-6254-d8df-9179d5550000}2965/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/14-libgcc-7-dev-mips-cross_7.5.0-3ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000027009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.387{ec2a2542-2970-6254-70b3-f83e49560000}2964/bin/rmroot
23542300x800000000000000027008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.387{ec2a2542-2970-6254-70b3-f83e49560000}2964root/bin/rm/var/lib/dpkg/tmp.ci/control---
534500x800000000000000027011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.388{ec2a2542-2970-6254-d8df-9179d5550000}2965/usr/bin/dpkg-splitroot
154100x800000000000000027012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.389{ec2a2542-2970-6254-40fa-1a4ded550000}2966/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/14-libgcc-7-dev-mips-cross_7.5.0-3ubuntu1~18.04cross1_all.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000027014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.390{ec2a2542-2970-6254-b023-67bc74550000}2969/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2970-6254-40fa-1a4ded550000}2966/usr/bin/dpkg-debdpkg-debroot
534500x800000000000000027013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.390{ec2a2542-2970-6254-0000-000000000000}2967-root
534500x800000000000000027015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.392{ec2a2542-2970-6254-0000-000000000000}2968-root
534500x800000000000000027016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.393{ec2a2542-2970-6254-b023-67bc74550000}2969/bin/tarroot
534500x800000000000000027017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.394{ec2a2542-2970-6254-40fa-1a4ded550000}2966/usr/bin/dpkg-debroot
154100x800000000000000027018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.408{ec2a2542-2970-6254-40ca-4f3e4d560000}2970/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/14-libgcc-7-dev-mips-cross_7.5.0-3ubuntu1~18.04cross1_all.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000027019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.437{ec2a2542-2970-6254-0000-000000000000}2971-root
534500x800000000000000027021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.446{ec2a2542-2970-6254-40ca-4f3e4d560000}2970/usr/bin/dpkg-debroot
534500x800000000000000027020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.446{00000000-0000-0000-0000-000000000000}2972<unknown process>root
154100x800000000000000027022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.502{ec2a2542-2970-6254-7093-73acf2550000}2973/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000027024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.503{ec2a2542-2970-6254-7093-73acf2550000}2973/bin/rmroot
23542300x800000000000000027023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.503{ec2a2542-2970-6254-7093-73acf2550000}2973root/bin/rm/var/lib/dpkg/tmp.ci/control---
154100x800000000000000027025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.504{ec2a2542-2970-6254-d88f-c77b04560000}2974/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/15-gcc-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000027027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.505{ec2a2542-2970-6254-407a-206a41560000}2975/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/15-gcc-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000027026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.505{ec2a2542-2970-6254-d88f-c77b04560000}2974/usr/bin/dpkg-splitroot
154100x800000000000000027029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.507{ec2a2542-2970-6254-b0d3-49be6a550000}2978/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2970-6254-407a-206a41560000}2975/usr/bin/dpkg-debdpkg-debroot
534500x800000000000000027028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.507{ec2a2542-2970-6254-0000-000000000000}2976-root
534500x800000000000000027030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.508{ec2a2542-2970-6254-0000-000000000000}2977-root
534500x800000000000000027032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.509{ec2a2542-2970-6254-407a-206a41560000}2975/usr/bin/dpkg-debroot
534500x800000000000000027031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.509{ec2a2542-2970-6254-b0d3-49be6a550000}2978/bin/tarroot
154100x800000000000000027033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.527{ec2a2542-2970-6254-6892-0361dc550000}2979/bin/dash-----/bin/sh /var/lib/dpkg/tmp.ci/preinst install/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000027034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.528{ec2a2542-2970-6254-6892-0361dc550000}2979/bin/dashroot
154100x800000000000000027035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:20.529{ec2a2542-2970-6254-40da-d15b2a560000}2980/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/15-gcc-7-mips-linux-gnu_7.5.0-3ubuntu1~18.04cross1_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000027036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.193{ec2a2542-2970-6254-0000-000000000000}2981-root
534500x800000000000000027038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.198{ec2a2542-2970-6254-40da-d15b2a560000}2980/usr/bin/dpkg-debroot
534500x800000000000000027037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.198{ec2a2542-2970-6254-0000-000000000000}2982-root
154100x800000000000000027039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.242{ec2a2542-2971-6254-70a3-97f0d5550000}2983/bin/rm-----rm -rf -- /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000027041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.243{ec2a2542-2971-6254-70a3-97f0d5550000}2983/bin/rmroot
23542300x800000000000000027040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.243{ec2a2542-2971-6254-70a3-97f0d5550000}2983root/bin/rm/var/lib/dpkg/tmp.ci/control---
154100x800000000000000027042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.244{ec2a2542-2971-6254-d82f-e407dc550000}2984/usr/bin/dpkg-split-----dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-qCjo8w/16-gcc-mips-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
154100x800000000000000027044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.245{ec2a2542-2971-6254-406a-85a923560000}2985/usr/bin/dpkg-deb-----dpkg-deb --control /tmp/apt-dpkg-install-qCjo8w/16-gcc-mips-linux-gnu_4%3a7.4.0-1ubuntu1.3_amd64.deb /var/lib/dpkg/tmp.ci/root{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-296e-6254-7061-78cc17560000}2837/usr/bin/dpkg/usr/bin/dpkgroot
534500x800000000000000027043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.245{ec2a2542-2971-6254-d82f-e407dc550000}2984/usr/bin/dpkg-splitroot
154100x800000000000000027046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.247{ec2a2542-2971-6254-b073-f2e374550000}2988/bin/tar-----tar -x -f - --warning=no-timestamp/var/lib/dpkg/tmp.ciroot{ec2a2542-0000-0000-0000-000001000000}04no level-{ec2a2542-2971-6254-406a-85a923560000}2985/usr/bin/dpkg-debdpkg-debroot
534500x800000000000000027045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.247{ec2a2542-2971-6254-0000-000000000000}2986-root
534500x800000000000000027047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.248{ec2a2542-2971-6254-0000-000000000000}2987-root
534500x800000000000000027048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.249{ec2a2542-2971-6254-b073-f2e374550000}2988/bin/tarroot
534500x800000000000000027049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.250{ec2a2542-2971-6254-406a-85a923560000}2985/usr/bin/dpkg-debroot
154100x800000000000000027050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-7283-2022-04-11 13:13:21.262{ec2a2542-2971-6254-407a-1f563a560000}2989/usr/bin/dpkg-deb-----dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-qCjo8w/16-gcc-mips-