11241100x8000000000000000691469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe72129f580cc2f2023-02-07 15:09:21.096root 11241100x8000000000000000691468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cf5d28f76993a22023-02-07 15:09:21.096root 11241100x8000000000000000691467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b3dff9d95021412023-02-07 15:09:21.096root 11241100x8000000000000000691466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5e58c66aa40d022023-02-07 15:09:21.096root 11241100x8000000000000000691465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87682c688744b4542023-02-07 15:09:21.096root 11241100x8000000000000000691464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bcdc2d1b3dc5b02023-02-07 15:09:21.096root 11241100x8000000000000000691463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb31a3331aa8b4522023-02-07 15:09:21.096root 11241100x8000000000000000691462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca4a469075c3e5d2023-02-07 15:09:21.096root 11241100x8000000000000000691461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee4f46a06d3b7572023-02-07 15:09:21.096root 11241100x8000000000000000691477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ef189dc07e4d192023-02-07 15:09:21.097root 11241100x8000000000000000691476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627f191961b82b572023-02-07 15:09:21.097root 11241100x8000000000000000691475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bbbcf5bd85dd602023-02-07 15:09:21.097root 11241100x8000000000000000691474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727b34ed3ba909662023-02-07 15:09:21.097root 11241100x8000000000000000691473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a4000e197341a12023-02-07 15:09:21.097root 11241100x8000000000000000691472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8c31ad01f388272023-02-07 15:09:21.097root 11241100x8000000000000000691471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9f08fd5bd4b6cd2023-02-07 15:09:21.097root 11241100x8000000000000000691470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d12d68e29deafd2023-02-07 15:09:21.097root 11241100x8000000000000000691487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429ca811d80eb7ed2023-02-07 15:09:21.098root 11241100x8000000000000000691486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6291d10fc11c6d2023-02-07 15:09:21.098root 11241100x8000000000000000691485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf91ba723216c5de2023-02-07 15:09:21.098root 11241100x8000000000000000691484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1130999f5d2cbaa32023-02-07 15:09:21.098root 11241100x8000000000000000691483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7441cdbcbb69782023-02-07 15:09:21.098root 11241100x8000000000000000691482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1215093404f095e2023-02-07 15:09:21.098root 11241100x8000000000000000691481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ddc8ff8bab6e592023-02-07 15:09:21.098root 11241100x8000000000000000691480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd3993effc9e6312023-02-07 15:09:21.098root 11241100x8000000000000000691479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b66a40e738fe682023-02-07 15:09:21.098root 11241100x8000000000000000691478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d704e0d1065806322023-02-07 15:09:21.098root 11241100x8000000000000000691490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf06a450077fd2d2023-02-07 15:09:21.099root 11241100x8000000000000000691489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baade96aacb4a2da2023-02-07 15:09:21.099root 11241100x8000000000000000691488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114ddf11c0f5bb232023-02-07 15:09:21.099root 11241100x8000000000000000691495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c8fbb29feac9762023-02-07 15:09:21.103root 11241100x8000000000000000691494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408e4b3668e7f7212023-02-07 15:09:21.103root 11241100x8000000000000000691493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79141fcf548e7852023-02-07 15:09:21.103root 11241100x8000000000000000691492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36270be5e012d0b02023-02-07 15:09:21.103root 11241100x8000000000000000691491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a8eb80fc75809c2023-02-07 15:09:21.103root 11241100x8000000000000000691506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2267b30114f9f6a2023-02-07 15:09:21.104root 11241100x8000000000000000691505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2878f84db282fa2023-02-07 15:09:21.104root 11241100x8000000000000000691504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ccb4b1f93fe8572023-02-07 15:09:21.104root 11241100x8000000000000000691503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf299bd7971ae5d32023-02-07 15:09:21.104root 11241100x8000000000000000691502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abe0e4d4e1a48e12023-02-07 15:09:21.104root 11241100x8000000000000000691501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c561c7128c1c80df2023-02-07 15:09:21.104root 11241100x8000000000000000691500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef10739af28844c2023-02-07 15:09:21.104root 11241100x8000000000000000691499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6184479ad180a962023-02-07 15:09:21.104root 11241100x8000000000000000691498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3976a98706dd0e542023-02-07 15:09:21.104root 11241100x8000000000000000691497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66321fc3906a6442023-02-07 15:09:21.104root 11241100x8000000000000000691496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eef719ed3053ca92023-02-07 15:09:21.104root 11241100x8000000000000000691511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7b8f967f9685232023-02-07 15:09:21.595root 11241100x8000000000000000691510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8138545f6b54bba72023-02-07 15:09:21.595root 11241100x8000000000000000691509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bc69bbf83562492023-02-07 15:09:21.595root 11241100x8000000000000000691508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aebbc85b0a01d7c2023-02-07 15:09:21.595root 11241100x8000000000000000691507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50805d950ce2c972023-02-07 15:09:21.595root 11241100x8000000000000000691520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55011e7ddd6bff0d2023-02-07 15:09:21.596root 11241100x8000000000000000691519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f807ae71538e012023-02-07 15:09:21.596root 11241100x8000000000000000691518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a875aae2d4dd25c92023-02-07 15:09:21.596root 11241100x8000000000000000691517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0f0f25dec7df8f2023-02-07 15:09:21.596root 11241100x8000000000000000691516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23996ceb57f6c4a82023-02-07 15:09:21.596root 11241100x8000000000000000691515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d81bd3274584d8e2023-02-07 15:09:21.596root 11241100x8000000000000000691514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37f621892c47f0b2023-02-07 15:09:21.596root 11241100x8000000000000000691513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935c2dfc667da64d2023-02-07 15:09:21.596root 11241100x8000000000000000691512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaad02d2687eed8e2023-02-07 15:09:21.596root 11241100x8000000000000000691527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a73f7ba68d5f0e2023-02-07 15:09:21.597root 11241100x8000000000000000691526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a605c612e160ff232023-02-07 15:09:21.597root 11241100x8000000000000000691525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea55ed003719d1c2023-02-07 15:09:21.597root 11241100x8000000000000000691524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cecfb881b42414e2023-02-07 15:09:21.597root 11241100x8000000000000000691523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3425c21083c8a55c2023-02-07 15:09:21.597root 11241100x8000000000000000691522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af3baaee55045182023-02-07 15:09:21.597root 11241100x8000000000000000691521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f007332ba156d32023-02-07 15:09:21.597root 11241100x8000000000000000691533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da6182d37e4ada62023-02-07 15:09:21.598root 11241100x8000000000000000691532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b25aeda2318ad082023-02-07 15:09:21.598root 11241100x8000000000000000691531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d956e4e023185a3b2023-02-07 15:09:21.598root 11241100x8000000000000000691530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b35d22e42fa2a092023-02-07 15:09:21.598root 11241100x8000000000000000691529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506bf3eef28245852023-02-07 15:09:21.598root 11241100x8000000000000000691528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc1bb46457807552023-02-07 15:09:21.598root 11241100x8000000000000000691539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f6365bd9a373302023-02-07 15:09:21.599root 11241100x8000000000000000691538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbe292259525c642023-02-07 15:09:21.599root 11241100x8000000000000000691537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897ad271a20a79d42023-02-07 15:09:21.599root 11241100x8000000000000000691536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531ce5001280d95b2023-02-07 15:09:21.599root 11241100x8000000000000000691535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e9b08ee623e5712023-02-07 15:09:21.599root 11241100x8000000000000000691534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b21c62e71e15b32023-02-07 15:09:21.599root 11241100x8000000000000000691545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bb30c1c20d8e382023-02-07 15:09:21.600root 11241100x8000000000000000691544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155c6281b6663cdb2023-02-07 15:09:21.600root 11241100x8000000000000000691543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e63d228309c6b12023-02-07 15:09:21.600root 11241100x8000000000000000691542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de7cdb738bbcf262023-02-07 15:09:21.600root 11241100x8000000000000000691541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a342311853b8fb2023-02-07 15:09:21.600root 11241100x8000000000000000691540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f1aa89655f08212023-02-07 15:09:21.600root 11241100x8000000000000000691548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34c38eded14acd32023-02-07 15:09:21.601root 11241100x8000000000000000691547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b02e83a75ddd13e2023-02-07 15:09:21.601root 11241100x8000000000000000691546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2f097e1afd0d1f2023-02-07 15:09:21.601root 11241100x8000000000000000691552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bccbe3a78f9ecc92023-02-07 15:09:22.095root 11241100x8000000000000000691551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c184be7c3051a0a22023-02-07 15:09:22.095root 11241100x8000000000000000691550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3354901b4a818df42023-02-07 15:09:22.095root 11241100x8000000000000000691549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900e745f40ddbe102023-02-07 15:09:22.095root 11241100x8000000000000000691557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ece1332f12a3c0d2023-02-07 15:09:22.096root 11241100x8000000000000000691556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2f9b9ce19745c02023-02-07 15:09:22.096root 11241100x8000000000000000691555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6f260ff512c9f02023-02-07 15:09:22.096root 11241100x8000000000000000691554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c5f9dd62f7568b2023-02-07 15:09:22.096root 11241100x8000000000000000691553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b682e4bf7220be132023-02-07 15:09:22.096root 11241100x8000000000000000691562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26a15de1b1f7b322023-02-07 15:09:22.097root 11241100x8000000000000000691561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986c880d631cd7a12023-02-07 15:09:22.097root 11241100x8000000000000000691560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2850c2cb16c9ccbe2023-02-07 15:09:22.097root 11241100x8000000000000000691559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f6835b9607801b2023-02-07 15:09:22.097root 11241100x8000000000000000691558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f527bcebcffc637a2023-02-07 15:09:22.097root 11241100x8000000000000000691566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d5e8703f5a6fc12023-02-07 15:09:22.098root 11241100x8000000000000000691565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37ed6c1abcd6dc12023-02-07 15:09:22.098root 11241100x8000000000000000691564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f22f9865059b172023-02-07 15:09:22.098root 11241100x8000000000000000691563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00198cd8ee9ef9c52023-02-07 15:09:22.098root 11241100x8000000000000000691569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36067599e7b13de2023-02-07 15:09:22.099root 11241100x8000000000000000691568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735e94c4ca2f58be2023-02-07 15:09:22.099root 11241100x8000000000000000691567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a507ec807cfbcdf02023-02-07 15:09:22.099root 11241100x8000000000000000691571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4714eef84827b42023-02-07 15:09:22.100root 11241100x8000000000000000691570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d65e520ec422cc2023-02-07 15:09:22.100root 11241100x8000000000000000691573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd005928c02873942023-02-07 15:09:22.101root 11241100x8000000000000000691572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751c1ccabfccc4782023-02-07 15:09:22.101root 11241100x8000000000000000691577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8335acd329c7cc132023-02-07 15:09:22.102root 11241100x8000000000000000691576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c014f88acd6bdb32023-02-07 15:09:22.102root 11241100x8000000000000000691575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da1ef7933717d092023-02-07 15:09:22.102root 11241100x8000000000000000691574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aca01fba388555f2023-02-07 15:09:22.102root 11241100x8000000000000000691580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225aa80e0fa92d462023-02-07 15:09:22.103root 11241100x8000000000000000691579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45057841d28fb7cf2023-02-07 15:09:22.103root 11241100x8000000000000000691578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9157450939b53e2023-02-07 15:09:22.103root 11241100x8000000000000000691584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c963523bfeb2a29d2023-02-07 15:09:22.104root 11241100x8000000000000000691583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fc8971946c32542023-02-07 15:09:22.104root 11241100x8000000000000000691582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a19d7b18d0c5b62023-02-07 15:09:22.104root 11241100x8000000000000000691581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b2a237a6e308a82023-02-07 15:09:22.104root 11241100x8000000000000000691586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f93e24d39e7a562023-02-07 15:09:22.595root 11241100x8000000000000000691585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2d48abdd755c312023-02-07 15:09:22.595root 11241100x8000000000000000691589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f27c8dd1c7858512023-02-07 15:09:22.596root 11241100x8000000000000000691588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0f598d24f537602023-02-07 15:09:22.596root 11241100x8000000000000000691587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81d0fab10d7973f2023-02-07 15:09:22.596root 11241100x8000000000000000691593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b59b0267450712e2023-02-07 15:09:22.597root 11241100x8000000000000000691592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5f9cb2206b895c2023-02-07 15:09:22.597root 11241100x8000000000000000691591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3a3bd20d5ddd6a2023-02-07 15:09:22.597root 11241100x8000000000000000691590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb17e6e7a2b35c02023-02-07 15:09:22.597root 11241100x8000000000000000691595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abd707dda0242662023-02-07 15:09:22.598root 11241100x8000000000000000691594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e3804686ebd2f52023-02-07 15:09:22.598root 11241100x8000000000000000691597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da4cc4cf5ac25ad2023-02-07 15:09:22.599root 11241100x8000000000000000691596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f887a68d39c1f9cf2023-02-07 15:09:22.599root 11241100x8000000000000000691601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97aec9835bd61dc02023-02-07 15:09:22.600root 11241100x8000000000000000691600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f3bc85624fcb9e2023-02-07 15:09:22.600root 11241100x8000000000000000691599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4715a3961d4407192023-02-07 15:09:22.600root 11241100x8000000000000000691598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593290e7dc0ad3762023-02-07 15:09:22.600root 11241100x8000000000000000691609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0828ec57d9da88db2023-02-07 15:09:22.601root 11241100x8000000000000000691608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5531f28f6d8dd2752023-02-07 15:09:22.601root 11241100x8000000000000000691607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b86ee9a7797f8822023-02-07 15:09:22.601root 11241100x8000000000000000691606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14176ec02dd391a82023-02-07 15:09:22.601root 11241100x8000000000000000691605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8cefe2c762a9dd82023-02-07 15:09:22.601root 11241100x8000000000000000691604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f82d824652873392023-02-07 15:09:22.601root 11241100x8000000000000000691603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad4bbdbb0c934cc2023-02-07 15:09:22.601root 11241100x8000000000000000691602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5b50ecc1ba1f8d2023-02-07 15:09:22.601root 11241100x8000000000000000691615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5f9a7a1bd9d1522023-02-07 15:09:22.602root 11241100x8000000000000000691614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494b4a76547c4fbe2023-02-07 15:09:22.602root 11241100x8000000000000000691613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14de8f7576dcd41f2023-02-07 15:09:22.602root 11241100x8000000000000000691612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a56a50861a5b502023-02-07 15:09:22.602root 11241100x8000000000000000691611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbfddacea8847cb2023-02-07 15:09:22.602root 11241100x8000000000000000691610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4ea65c75d741b02023-02-07 15:09:22.602root 11241100x8000000000000000691616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ffe8c4c9c658df2023-02-07 15:09:22.606root 11241100x8000000000000000691620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54538ded120be0682023-02-07 15:09:22.607root 11241100x8000000000000000691619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5ce02c4640c4972023-02-07 15:09:22.607root 11241100x8000000000000000691618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663b79a7689a97982023-02-07 15:09:22.607root 11241100x8000000000000000691617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fc4532e40ebb4e2023-02-07 15:09:22.607root 11241100x8000000000000000691625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcc25414272870d2023-02-07 15:09:23.095root 11241100x8000000000000000691624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fe2230f9b7aca92023-02-07 15:09:23.095root 11241100x8000000000000000691623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1adad82816255e882023-02-07 15:09:23.095root 11241100x8000000000000000691622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5d7e64df0ff2e82023-02-07 15:09:23.095root 11241100x8000000000000000691621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ab842ca6e2b72c2023-02-07 15:09:23.095root 11241100x8000000000000000691631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6071f2c4fc91f4a2023-02-07 15:09:23.096root 11241100x8000000000000000691630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd0c9153cf5c3262023-02-07 15:09:23.096root 11241100x8000000000000000691629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7742f0e40967202023-02-07 15:09:23.096root 11241100x8000000000000000691628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d013fac870cd50f62023-02-07 15:09:23.096root 11241100x8000000000000000691627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea4770ea8386f722023-02-07 15:09:23.096root 11241100x8000000000000000691626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa6e7f4353eab572023-02-07 15:09:23.096root 11241100x8000000000000000691637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f41d67c766a4e02023-02-07 15:09:23.097root 11241100x8000000000000000691636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77723657a27c30692023-02-07 15:09:23.097root 11241100x8000000000000000691635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066f5aa15d471c242023-02-07 15:09:23.097root 11241100x8000000000000000691634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ecf31fba73d2ac2023-02-07 15:09:23.097root 11241100x8000000000000000691633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9064e8cae0f785c32023-02-07 15:09:23.097root 11241100x8000000000000000691632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21160ccde9ba4d5b2023-02-07 15:09:23.097root 11241100x8000000000000000691642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e338ec34a7c4afbf2023-02-07 15:09:23.098root 11241100x8000000000000000691641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208623a5d32644692023-02-07 15:09:23.098root 11241100x8000000000000000691640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea582cdd9d93a112023-02-07 15:09:23.098root 11241100x8000000000000000691639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23cec8496c5af0c2023-02-07 15:09:23.098root 11241100x8000000000000000691638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe3f49c62676e3b2023-02-07 15:09:23.098root 11241100x8000000000000000691645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b73a25e04fe82d42023-02-07 15:09:23.099root 11241100x8000000000000000691644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36458ce31e11ce9f2023-02-07 15:09:23.099root 11241100x8000000000000000691643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02afd49728ba32142023-02-07 15:09:23.099root 11241100x8000000000000000691651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9255bc2392ead8522023-02-07 15:09:23.100root 11241100x8000000000000000691650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7c2e4bd736b7f02023-02-07 15:09:23.100root 11241100x8000000000000000691649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3244e1d15f1e07e62023-02-07 15:09:23.100root 11241100x8000000000000000691648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb07276190c70af42023-02-07 15:09:23.100root 11241100x8000000000000000691647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada305e9e2d44ccd2023-02-07 15:09:23.100root 11241100x8000000000000000691646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63072cb3a5ac528e2023-02-07 15:09:23.100root 11241100x8000000000000000691659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea7f6db67c28f0e2023-02-07 15:09:23.101root 11241100x8000000000000000691658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88141ffc783e9382023-02-07 15:09:23.101root 11241100x8000000000000000691657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75075254c4793ca72023-02-07 15:09:23.101root 11241100x8000000000000000691656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62e89f53003c0912023-02-07 15:09:23.101root 11241100x8000000000000000691655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2080d36ed14e0b172023-02-07 15:09:23.101root 11241100x8000000000000000691654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cddf64885a06bc2023-02-07 15:09:23.101root 11241100x8000000000000000691653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796ecfb4213cabcc2023-02-07 15:09:23.101root 11241100x8000000000000000691652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ca982ba77636612023-02-07 15:09:23.101root 11241100x8000000000000000691662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ab59b3af634fb12023-02-07 15:09:23.102root 11241100x8000000000000000691661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccaa2fcdabffeb9b2023-02-07 15:09:23.102root 11241100x8000000000000000691660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c739a11e4f7a7d2023-02-07 15:09:23.102root 11241100x8000000000000000691663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302045a912d954a72023-02-07 15:09:23.595root 11241100x8000000000000000691664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204755423905f7532023-02-07 15:09:23.596root 11241100x8000000000000000691669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c32f7a8614c6262023-02-07 15:09:23.597root 11241100x8000000000000000691668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8e931c28773f452023-02-07 15:09:23.597root 11241100x8000000000000000691667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037c9772b40166b72023-02-07 15:09:23.597root 11241100x8000000000000000691666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2095918329178fb02023-02-07 15:09:23.597root 11241100x8000000000000000691665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5653f769a0c9622023-02-07 15:09:23.597root 11241100x8000000000000000691674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12be50442b21602c2023-02-07 15:09:23.598root 11241100x8000000000000000691673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53b41f3818cd4c42023-02-07 15:09:23.598root 11241100x8000000000000000691672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1646dd270b0da7902023-02-07 15:09:23.598root 11241100x8000000000000000691671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64ea42e48f9d7882023-02-07 15:09:23.598root 11241100x8000000000000000691670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce60095ffd0ac6e2023-02-07 15:09:23.598root 11241100x8000000000000000691677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af704797a12370e2023-02-07 15:09:23.599root 11241100x8000000000000000691676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f74d004b76d41992023-02-07 15:09:23.599root 11241100x8000000000000000691675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad02f249a0273832023-02-07 15:09:23.599root 11241100x8000000000000000691681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b9a4f6643e89a62023-02-07 15:09:23.600root 11241100x8000000000000000691680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e83a028ec151462023-02-07 15:09:23.600root 11241100x8000000000000000691679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d86f247c98215d2023-02-07 15:09:23.600root 11241100x8000000000000000691678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaf2ad6685274d22023-02-07 15:09:23.600root 11241100x8000000000000000691683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626973f3a3adc3e82023-02-07 15:09:23.601root 11241100x8000000000000000691682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a737e51785d4a42023-02-07 15:09:23.601root 11241100x8000000000000000691686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bade3fd31eafd002023-02-07 15:09:23.602root 11241100x8000000000000000691685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150314d6d9eba42d2023-02-07 15:09:23.602root 11241100x8000000000000000691684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093c6f9ef89b6dd92023-02-07 15:09:23.602root 11241100x8000000000000000691687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7fa52df9e60d992023-02-07 15:09:23.603root 11241100x8000000000000000691689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6d5e3f384614622023-02-07 15:09:23.604root 11241100x8000000000000000691688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178232fb7759e20d2023-02-07 15:09:23.604root 11241100x8000000000000000691692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3c7e35f2d45d152023-02-07 15:09:23.605root 11241100x8000000000000000691691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b1f1df7e0323962023-02-07 15:09:23.605root 11241100x8000000000000000691690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca7ad0c04b276ae2023-02-07 15:09:23.605root 11241100x8000000000000000691694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddec756e8a6960162023-02-07 15:09:23.606root 11241100x8000000000000000691693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02978fef6c141bb02023-02-07 15:09:23.606root 11241100x8000000000000000691696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2e32600e81e5712023-02-07 15:09:24.095root 11241100x8000000000000000691695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d431f67c82921bb2023-02-07 15:09:24.095root 11241100x8000000000000000691699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e883d46bf66d15522023-02-07 15:09:24.096root 11241100x8000000000000000691698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846e4370f12e16a72023-02-07 15:09:24.096root 11241100x8000000000000000691697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69775938dfceee92023-02-07 15:09:24.096root 11241100x8000000000000000691702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19cfc03c73372352023-02-07 15:09:24.097root 11241100x8000000000000000691701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb315e896779f5862023-02-07 15:09:24.097root 11241100x8000000000000000691700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91698c99363b7c22023-02-07 15:09:24.097root 11241100x8000000000000000691707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33a9eaccdaccfd82023-02-07 15:09:24.098root 11241100x8000000000000000691706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94271fe846b76e392023-02-07 15:09:24.098root 11241100x8000000000000000691705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53a498ac20cdc192023-02-07 15:09:24.098root 11241100x8000000000000000691704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84016eab53994fc52023-02-07 15:09:24.098root 11241100x8000000000000000691703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc4754575df788b2023-02-07 15:09:24.098root 11241100x8000000000000000691721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7213de3642f1edf72023-02-07 15:09:24.099root 11241100x8000000000000000691720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1499419681b27c932023-02-07 15:09:24.099root 11241100x8000000000000000691719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea161491c9a23d1e2023-02-07 15:09:24.099root 11241100x8000000000000000691718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa72d370c460199e2023-02-07 15:09:24.099root 11241100x8000000000000000691717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc864f35fb85d612023-02-07 15:09:24.099root 11241100x8000000000000000691716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92c044e1ba9d71b2023-02-07 15:09:24.099root 11241100x8000000000000000691715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe3c3346c763dd22023-02-07 15:09:24.099root 11241100x8000000000000000691714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141b5e7231bc427c2023-02-07 15:09:24.099root 11241100x8000000000000000691713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c144add5c68b168a2023-02-07 15:09:24.099root 11241100x8000000000000000691712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208f889f4925a3d02023-02-07 15:09:24.099root 11241100x8000000000000000691711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8568b919c007c6e2023-02-07 15:09:24.099root 11241100x8000000000000000691710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f3ae744f14b51a2023-02-07 15:09:24.099root 11241100x8000000000000000691709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e94b0c39f0672b2023-02-07 15:09:24.099root 11241100x8000000000000000691708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff85d8f18fca72f52023-02-07 15:09:24.099root 11241100x8000000000000000691733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee206247d0942bc2023-02-07 15:09:24.100root 11241100x8000000000000000691732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d38a8d65f055a9d2023-02-07 15:09:24.100root 11241100x8000000000000000691731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac39017ec7e216e2023-02-07 15:09:24.100root 11241100x8000000000000000691730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116012f5c3c057dd2023-02-07 15:09:24.100root 11241100x8000000000000000691729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f22fa2f7b1da6c52023-02-07 15:09:24.100root 11241100x8000000000000000691728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3285b56b9ffc57ea2023-02-07 15:09:24.100root 11241100x8000000000000000691727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cb70df9d8e11eb2023-02-07 15:09:24.100root 11241100x8000000000000000691726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331a6ac050d3f8c62023-02-07 15:09:24.100root 11241100x8000000000000000691725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6af81aa8e311ea2023-02-07 15:09:24.100root 11241100x8000000000000000691724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9766d02a3885b81f2023-02-07 15:09:24.100root 11241100x8000000000000000691723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2aa681ff973ea962023-02-07 15:09:24.100root 11241100x8000000000000000691722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6ba9963017edc82023-02-07 15:09:24.100root 11241100x8000000000000000691737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2250b8b869746b2023-02-07 15:09:24.595root 11241100x8000000000000000691736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a15be43a6a855162023-02-07 15:09:24.595root 11241100x8000000000000000691735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8bd7a037ccc71e2023-02-07 15:09:24.595root 11241100x8000000000000000691734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146e315e31309f1b2023-02-07 15:09:24.595root 11241100x8000000000000000691747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dab2a31c9917e4a2023-02-07 15:09:24.596root 11241100x8000000000000000691746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5dee38774228ff2023-02-07 15:09:24.596root 11241100x8000000000000000691745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377f8a7425c3afc02023-02-07 15:09:24.596root 11241100x8000000000000000691744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b71171bc0f2c732023-02-07 15:09:24.596root 11241100x8000000000000000691743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9658d74688c75402023-02-07 15:09:24.596root 11241100x8000000000000000691742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1f777191c3023c2023-02-07 15:09:24.596root 11241100x8000000000000000691741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44aeceb0323d0bda2023-02-07 15:09:24.596root 11241100x8000000000000000691740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf2334ad1db2b7b2023-02-07 15:09:24.596root 11241100x8000000000000000691739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784efee94fdfb7d32023-02-07 15:09:24.596root 11241100x8000000000000000691738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3e3268627d1b252023-02-07 15:09:24.596root 11241100x8000000000000000691759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6ed2bed4a5a36a2023-02-07 15:09:24.597root 11241100x8000000000000000691758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085f2fd7fc36e7292023-02-07 15:09:24.597root 11241100x8000000000000000691757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b23404cbcd3035e2023-02-07 15:09:24.597root 11241100x8000000000000000691756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25baa214a1238942023-02-07 15:09:24.597root 11241100x8000000000000000691755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89b77dc959daf4c2023-02-07 15:09:24.597root 11241100x8000000000000000691754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540658e7f1c4cd732023-02-07 15:09:24.597root 11241100x8000000000000000691753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cea7fe8c289e0a2023-02-07 15:09:24.597root 11241100x8000000000000000691752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723fec906ccb30e42023-02-07 15:09:24.597root 11241100x8000000000000000691751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45b620f9352ef0a2023-02-07 15:09:24.597root 11241100x8000000000000000691750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178dc478c04eb9962023-02-07 15:09:24.597root 11241100x8000000000000000691749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee45d2e8c9cdfd92023-02-07 15:09:24.597root 11241100x8000000000000000691748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9460c415cf0ef2192023-02-07 15:09:24.597root 11241100x8000000000000000691773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7219eb817542bc3b2023-02-07 15:09:24.598root 11241100x8000000000000000691772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232fe56511185af82023-02-07 15:09:24.598root 11241100x8000000000000000691771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a747764e15e21b4f2023-02-07 15:09:24.598root 11241100x8000000000000000691770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ac014384ce57d62023-02-07 15:09:24.598root 11241100x8000000000000000691769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17a310f4bc78b192023-02-07 15:09:24.598root 11241100x8000000000000000691768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed98999a4aa061382023-02-07 15:09:24.598root 11241100x8000000000000000691767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6b7c272a1ed5e62023-02-07 15:09:24.598root 11241100x8000000000000000691766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444f99d1a7adea782023-02-07 15:09:24.598root 11241100x8000000000000000691765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074ee5f007de3dc52023-02-07 15:09:24.598root 11241100x8000000000000000691764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302a8c26cbd38d4a2023-02-07 15:09:24.598root 11241100x8000000000000000691763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3091b15c2db75422023-02-07 15:09:24.598root 11241100x8000000000000000691762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088f153d3dbbc5ca2023-02-07 15:09:24.598root 11241100x8000000000000000691761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76522e706720653b2023-02-07 15:09:24.598root 11241100x8000000000000000691760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d9702f323907412023-02-07 15:09:24.598root 11241100x8000000000000000691774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77782ce51ce0fd72023-02-07 15:09:24.599root 11241100x8000000000000000691775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.732{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:09:24.732root 11241100x8000000000000000691777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787eb656532b389e2023-02-07 15:09:25.095root 11241100x8000000000000000691776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346b9d7717614a122023-02-07 15:09:25.095root 11241100x8000000000000000691783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c129df05334382482023-02-07 15:09:25.096root 11241100x8000000000000000691782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f95421b8fd3c0d2023-02-07 15:09:25.096root 11241100x8000000000000000691781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369afbb4911edbfa2023-02-07 15:09:25.096root 11241100x8000000000000000691780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5b10997b2fa4512023-02-07 15:09:25.096root 11241100x8000000000000000691779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57692c0b5ff1788c2023-02-07 15:09:25.096root 11241100x8000000000000000691778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ea2f49ced305cb2023-02-07 15:09:25.096root 11241100x8000000000000000691795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e00a9015d933c32023-02-07 15:09:25.097root 11241100x8000000000000000691794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4a2083823405f22023-02-07 15:09:25.097root 11241100x8000000000000000691793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8790ff61e3a8ff2023-02-07 15:09:25.097root 11241100x8000000000000000691792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ecc7a8a5713e842023-02-07 15:09:25.097root 11241100x8000000000000000691791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1497d13728ac66342023-02-07 15:09:25.097root 11241100x8000000000000000691790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f905e3c496bef0ff2023-02-07 15:09:25.097root 11241100x8000000000000000691789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95456b629d8f956a2023-02-07 15:09:25.097root 11241100x8000000000000000691788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ef426e3d1e55df2023-02-07 15:09:25.097root 11241100x8000000000000000691787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd507b1148aa2a12023-02-07 15:09:25.097root 11241100x8000000000000000691786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a227d4c656a45edd2023-02-07 15:09:25.097root 11241100x8000000000000000691785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f71f350f4b5a65d2023-02-07 15:09:25.097root 11241100x8000000000000000691784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62e165f1cea8c042023-02-07 15:09:25.097root 11241100x8000000000000000691810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77209519ea7df4502023-02-07 15:09:25.098root 11241100x8000000000000000691809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17a0e9af55c76d02023-02-07 15:09:25.098root 11241100x8000000000000000691808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8860729eccb0ddcf2023-02-07 15:09:25.098root 11241100x8000000000000000691807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d11e8ef165e96102023-02-07 15:09:25.098root 11241100x8000000000000000691806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e85145e53f637292023-02-07 15:09:25.098root 11241100x8000000000000000691805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73de26e44bf46e52023-02-07 15:09:25.098root 11241100x8000000000000000691804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e322b1ce1a6dc9aa2023-02-07 15:09:25.098root 11241100x8000000000000000691803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11d86074285b95a2023-02-07 15:09:25.098root 11241100x8000000000000000691802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eeec5f632d495a2023-02-07 15:09:25.098root 11241100x8000000000000000691801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537b7e98c039a5cc2023-02-07 15:09:25.098root 11241100x8000000000000000691800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb31de66ae11dbf42023-02-07 15:09:25.098root 11241100x8000000000000000691799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc57e4b6b7b1cd82023-02-07 15:09:25.098root 11241100x8000000000000000691798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158834c3135016432023-02-07 15:09:25.098root 11241100x8000000000000000691797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35bf5043ae9a45a2023-02-07 15:09:25.098root 11241100x8000000000000000691796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf9ed6e65ad210c2023-02-07 15:09:25.098root 11241100x8000000000000000691811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a8e74b960310142023-02-07 15:09:25.099root 11241100x8000000000000000691816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c3c06e7dc1e3272023-02-07 15:09:25.595root 11241100x8000000000000000691815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aab7b79e0c8c31e2023-02-07 15:09:25.595root 11241100x8000000000000000691814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66943d60a5182c82023-02-07 15:09:25.595root 11241100x8000000000000000691813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad49294780602002023-02-07 15:09:25.595root 11241100x8000000000000000691812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ce6a6e2d5e87422023-02-07 15:09:25.595root 11241100x8000000000000000691827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dd91418c647e842023-02-07 15:09:25.596root 11241100x8000000000000000691826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95977b8769be42cc2023-02-07 15:09:25.596root 11241100x8000000000000000691825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef67c2c967d56582023-02-07 15:09:25.596root 11241100x8000000000000000691824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c9d42d35a3cc822023-02-07 15:09:25.596root 11241100x8000000000000000691823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1919e3bc93e001302023-02-07 15:09:25.596root 11241100x8000000000000000691822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf536c6c4aaf43392023-02-07 15:09:25.596root 11241100x8000000000000000691821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fcebad17a68ca52023-02-07 15:09:25.596root 11241100x8000000000000000691820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc577fa457c8edc2023-02-07 15:09:25.596root 11241100x8000000000000000691819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252d262be757489c2023-02-07 15:09:25.596root 11241100x8000000000000000691818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fc8d6fb6b2c28c2023-02-07 15:09:25.596root 11241100x8000000000000000691817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dd42dc967fb1522023-02-07 15:09:25.596root 11241100x8000000000000000691836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a796133a19d5eba12023-02-07 15:09:25.597root 11241100x8000000000000000691835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148cceae0d22a04c2023-02-07 15:09:25.597root 11241100x8000000000000000691834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a905dcf7f089110d2023-02-07 15:09:25.597root 11241100x8000000000000000691833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a26acf3cc47b102023-02-07 15:09:25.597root 11241100x8000000000000000691832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c84f72e62b3a4cc2023-02-07 15:09:25.597root 11241100x8000000000000000691831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ebba9cb58342542023-02-07 15:09:25.597root 11241100x8000000000000000691830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a120d8885ee491cb2023-02-07 15:09:25.597root 11241100x8000000000000000691829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d3a4b4f51a2e812023-02-07 15:09:25.597root 11241100x8000000000000000691828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3642420644aca17d2023-02-07 15:09:25.597root 11241100x8000000000000000691846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83105ca102458b3a2023-02-07 15:09:25.598root 11241100x8000000000000000691845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00918808c74ec7b2023-02-07 15:09:25.598root 11241100x8000000000000000691844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a10a2a7a2bdc6182023-02-07 15:09:25.598root 11241100x8000000000000000691843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75468e9a226bc36d2023-02-07 15:09:25.598root 11241100x8000000000000000691842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b55e728db215c5b2023-02-07 15:09:25.598root 11241100x8000000000000000691841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c8d9f1553e24262023-02-07 15:09:25.598root 11241100x8000000000000000691840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ceda179eb2444722023-02-07 15:09:25.598root 11241100x8000000000000000691839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb3d74bbdeda8e92023-02-07 15:09:25.598root 11241100x8000000000000000691838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e471a004c1130a2023-02-07 15:09:25.598root 11241100x8000000000000000691837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac77f1acd66e226b2023-02-07 15:09:25.598root 11241100x8000000000000000691854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bfeb20197fa7822023-02-07 15:09:25.599root 11241100x8000000000000000691853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406520570740c14a2023-02-07 15:09:25.599root 11241100x8000000000000000691852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c20968a22fe2a9c2023-02-07 15:09:25.599root 11241100x8000000000000000691851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3378de90dba9f22023-02-07 15:09:25.599root 11241100x8000000000000000691850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08401865df1535b12023-02-07 15:09:25.599root 11241100x8000000000000000691849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1e234d616132b02023-02-07 15:09:25.599root 11241100x8000000000000000691848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9469c9109fbaa72023-02-07 15:09:25.599root 11241100x8000000000000000691847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456e752e437f7a7b2023-02-07 15:09:25.599root 11241100x8000000000000000691857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c57066bb23e0c02023-02-07 15:09:25.600root 11241100x8000000000000000691856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0863c4c24b2c73232023-02-07 15:09:25.600root 11241100x8000000000000000691855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c039ed950dd8dab2023-02-07 15:09:25.600root 354300x8000000000000000691858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.054{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-44172-false10.0.1.12-8000- 11241100x8000000000000000691865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99c01c52c4430fa2023-02-07 15:09:26.055root 11241100x8000000000000000691864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c66859d4223ced12023-02-07 15:09:26.055root 11241100x8000000000000000691863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b166fff48aaba02023-02-07 15:09:26.055root 11241100x8000000000000000691862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f87aaa6a7d364422023-02-07 15:09:26.055root 11241100x8000000000000000691861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166bcfe6653e0df02023-02-07 15:09:26.055root 11241100x8000000000000000691860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bbcd45fae370aa2023-02-07 15:09:26.055root 11241100x8000000000000000691859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f8977ecc6df6ad2023-02-07 15:09:26.055root 11241100x8000000000000000691873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fe89b7abc62ac82023-02-07 15:09:26.056root 11241100x8000000000000000691872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b101825f5945162023-02-07 15:09:26.056root 11241100x8000000000000000691871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebec1ea314415f722023-02-07 15:09:26.056root 11241100x8000000000000000691870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fda56a7abd26262023-02-07 15:09:26.056root 11241100x8000000000000000691869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cdc90ea0aab4662023-02-07 15:09:26.056root 11241100x8000000000000000691868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05484f44b69b3ad2023-02-07 15:09:26.056root 11241100x8000000000000000691867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2b875777ce9d1a2023-02-07 15:09:26.056root 11241100x8000000000000000691866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be0d7d29a5bbb392023-02-07 15:09:26.056root 11241100x8000000000000000691881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488a4ba01b0239452023-02-07 15:09:26.057root 11241100x8000000000000000691880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d036bb6d7759b17f2023-02-07 15:09:26.057root 11241100x8000000000000000691879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35da6b65a584ce22023-02-07 15:09:26.057root 11241100x8000000000000000691878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8edfa5e42f91da2023-02-07 15:09:26.057root 11241100x8000000000000000691877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cecff2f7feb40f02023-02-07 15:09:26.057root 11241100x8000000000000000691876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94fd7706a2fe0872023-02-07 15:09:26.057root 11241100x8000000000000000691875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae18493c497856352023-02-07 15:09:26.057root 11241100x8000000000000000691874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84dd2f1c7d7486c12023-02-07 15:09:26.057root 11241100x8000000000000000691891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6eb8d93358ae3922023-02-07 15:09:26.058root 11241100x8000000000000000691890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a0699c660f7e882023-02-07 15:09:26.058root 11241100x8000000000000000691889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853ddff83b7e41222023-02-07 15:09:26.058root 11241100x8000000000000000691888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a511a521c566312023-02-07 15:09:26.058root 11241100x8000000000000000691887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d553b33e25d2782023-02-07 15:09:26.058root 11241100x8000000000000000691886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a359dd5076a8a612023-02-07 15:09:26.058root 11241100x8000000000000000691885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ca22e74f1ec8fc2023-02-07 15:09:26.058root 11241100x8000000000000000691884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305e92b7895befe02023-02-07 15:09:26.058root 11241100x8000000000000000691883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c8f9a34827c6112023-02-07 15:09:26.058root 11241100x8000000000000000691882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663a289377e6d0a22023-02-07 15:09:26.058root 11241100x8000000000000000691901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d7bda529e370542023-02-07 15:09:26.059root 11241100x8000000000000000691900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba5e93382a608452023-02-07 15:09:26.059root 11241100x8000000000000000691899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e17ad4f3a448712023-02-07 15:09:26.059root 11241100x8000000000000000691898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9f6623f33c7e1c2023-02-07 15:09:26.059root 11241100x8000000000000000691897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adbf1d64db3bad42023-02-07 15:09:26.059root 11241100x8000000000000000691896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a30657a3c1b0182023-02-07 15:09:26.059root 11241100x8000000000000000691895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225afa113eb395902023-02-07 15:09:26.059root 11241100x8000000000000000691894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090e6dcec738e5132023-02-07 15:09:26.059root 11241100x8000000000000000691893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739cc80ee30109362023-02-07 15:09:26.059root 11241100x8000000000000000691892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12f01dbbd9e625b2023-02-07 15:09:26.059root 11241100x8000000000000000691908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194a6018ed7b5bdb2023-02-07 15:09:26.346root 11241100x8000000000000000691907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf8319747c8edbe2023-02-07 15:09:26.346root 11241100x8000000000000000691906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecff29a6e12fb3b42023-02-07 15:09:26.346root 11241100x8000000000000000691905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887cae7e289d6b2f2023-02-07 15:09:26.346root 11241100x8000000000000000691904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067da70a7b71bd342023-02-07 15:09:26.346root 11241100x8000000000000000691903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce179d1e753343362023-02-07 15:09:26.346root 11241100x8000000000000000691902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62ff22e25bb42332023-02-07 15:09:26.346root 11241100x8000000000000000691917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608d39bb64f7704a2023-02-07 15:09:26.347root 11241100x8000000000000000691916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410490e24bf545062023-02-07 15:09:26.347root 11241100x8000000000000000691915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038cbc03471136962023-02-07 15:09:26.347root 11241100x8000000000000000691914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1996c503271a3a2023-02-07 15:09:26.347root 11241100x8000000000000000691913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8528cc30ca5786ed2023-02-07 15:09:26.347root 11241100x8000000000000000691912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975d5c98a7345ac82023-02-07 15:09:26.347root 11241100x8000000000000000691911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7cebd9d1d8ee192023-02-07 15:09:26.347root 11241100x8000000000000000691910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187dcdd63df512262023-02-07 15:09:26.347root 11241100x8000000000000000691909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4d50918a4196612023-02-07 15:09:26.347root 11241100x8000000000000000691927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35adc8d6a80e31442023-02-07 15:09:26.348root 11241100x8000000000000000691926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f7dd9eae5a53872023-02-07 15:09:26.348root 11241100x8000000000000000691925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35ca6c274c43e9a2023-02-07 15:09:26.348root 11241100x8000000000000000691924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4604c16cc5e1730e2023-02-07 15:09:26.348root 11241100x8000000000000000691923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f7dc62000ac8dd2023-02-07 15:09:26.348root 11241100x8000000000000000691922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df57940286fa7742023-02-07 15:09:26.348root 11241100x8000000000000000691921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c354e9066773692023-02-07 15:09:26.348root 11241100x8000000000000000691920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ccf6311df138612023-02-07 15:09:26.348root 11241100x8000000000000000691919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a780eb2a4e2314272023-02-07 15:09:26.348root 11241100x8000000000000000691918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559da2ecb1b882162023-02-07 15:09:26.348root 11241100x8000000000000000691935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8af184f0703b1d2023-02-07 15:09:26.349root 11241100x8000000000000000691934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24173664896474b2023-02-07 15:09:26.349root 11241100x8000000000000000691933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff1de5da03e2c372023-02-07 15:09:26.349root 11241100x8000000000000000691932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc2c34a13de300d2023-02-07 15:09:26.349root 11241100x8000000000000000691931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0c399bb36641452023-02-07 15:09:26.349root 11241100x8000000000000000691930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0c8b2a727ca50d2023-02-07 15:09:26.349root 11241100x8000000000000000691929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f10c93d4dfe5342023-02-07 15:09:26.349root 11241100x8000000000000000691928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801742aaba8ab6fd2023-02-07 15:09:26.349root 534500x8000000000000000691936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.635{00000000-0000-0000-0000-000000000000}6082<unknown process>root 11241100x8000000000000000691944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.636{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51360cfaaf581542023-02-07 15:09:26.636root 11241100x8000000000000000691943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.636{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d82efcfe05795be2023-02-07 15:09:26.636root 11241100x8000000000000000691942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.636{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8ae76db7e597b32023-02-07 15:09:26.636root 11241100x8000000000000000691941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.636{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b544a7cd50ef302023-02-07 15:09:26.636root 11241100x8000000000000000691940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.636{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2eea27880e6c7f2023-02-07 15:09:26.636root 11241100x8000000000000000691939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.636{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04eda3d33a6ba9a32023-02-07 15:09:26.636root 11241100x8000000000000000691938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.636{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e95630cf2415df2023-02-07 15:09:26.636root 11241100x8000000000000000691937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.636{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c417df5344b1a12023-02-07 15:09:26.636root 11241100x8000000000000000691952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.637{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577170763ef58a8c2023-02-07 15:09:26.637root 11241100x8000000000000000691951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.637{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5d201e6bf552a52023-02-07 15:09:26.637root 11241100x8000000000000000691950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.637{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2138e238a37aed4b2023-02-07 15:09:26.637root 11241100x8000000000000000691949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.637{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341317a9521d236b2023-02-07 15:09:26.637root 11241100x8000000000000000691948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.637{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2725ef37cf20ab42023-02-07 15:09:26.637root 11241100x8000000000000000691947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.637{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a3bdb721ace6962023-02-07 15:09:26.637root 11241100x8000000000000000691946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.637{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d2ff71ce78ddb12023-02-07 15:09:26.637root 11241100x8000000000000000691945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.637{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f4c2034db6bed52023-02-07 15:09:26.637root 11241100x8000000000000000691957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.638{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec46eb47c89cea8a2023-02-07 15:09:26.638root 11241100x8000000000000000691956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.638{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aad2460369edeb02023-02-07 15:09:26.638root 11241100x8000000000000000691955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.638{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cc464e18e60efc2023-02-07 15:09:26.638root 11241100x8000000000000000691954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.638{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe9ee0afd6a31632023-02-07 15:09:26.638root 11241100x8000000000000000691953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.638{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c537217c6698b57f2023-02-07 15:09:26.638root 11241100x8000000000000000691958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.639{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41affed5dc1cc6f2023-02-07 15:09:26.639root 11241100x8000000000000000691962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.640{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28894e954f91ea22023-02-07 15:09:26.640root 11241100x8000000000000000691961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.640{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa49dcf010a89e172023-02-07 15:09:26.640root 11241100x8000000000000000691960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.640{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89558238267bb2bb2023-02-07 15:09:26.640root 11241100x8000000000000000691959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.640{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f65c6a2d76b2f812023-02-07 15:09:26.640root 11241100x8000000000000000691973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485d2954c778c0722023-02-07 15:09:26.641root 11241100x8000000000000000691972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256d7951f9ad4bd92023-02-07 15:09:26.641root 11241100x8000000000000000691971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7287f6824255ffb2023-02-07 15:09:26.641root 11241100x8000000000000000691970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cd4b8ea8dc525e2023-02-07 15:09:26.641root 11241100x8000000000000000691969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db5531d2b911f942023-02-07 15:09:26.641root 11241100x8000000000000000691968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01eaff6d31e9d7222023-02-07 15:09:26.641root 11241100x8000000000000000691967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbaa0ea67baca902023-02-07 15:09:26.641root 11241100x8000000000000000691966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa8dabd6f6784362023-02-07 15:09:26.641root 11241100x8000000000000000691965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f4619b70f78fca2023-02-07 15:09:26.641root 11241100x8000000000000000691964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26213ed720b0d3c72023-02-07 15:09:26.641root 11241100x8000000000000000691963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c750c5b2e1bc221e2023-02-07 15:09:26.641root 11241100x8000000000000000691978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.642{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c470ab71792b6b892023-02-07 15:09:26.642root 11241100x8000000000000000691977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.642{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947c47967e04a7d72023-02-07 15:09:26.642root 11241100x8000000000000000691976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.642{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e272cba9b855a122023-02-07 15:09:26.642root 11241100x8000000000000000691975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.642{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78ad7e621730a2d2023-02-07 15:09:26.642root 11241100x8000000000000000691974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.642{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4576a287d03bf922023-02-07 15:09:26.642root 11241100x8000000000000000691979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.643{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82067619e5ece15c2023-02-07 15:09:26.643root 11241100x8000000000000000691982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.644{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364574d1d08c3a062023-02-07 15:09:26.644root 11241100x8000000000000000691981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.644{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d205b7a9289814de2023-02-07 15:09:26.644root 11241100x8000000000000000691980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.644{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adeaa712e126d4e32023-02-07 15:09:26.644root 11241100x8000000000000000691992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa35d7fcea9362d2023-02-07 15:09:26.645root 11241100x8000000000000000691991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b89102eca6f1382023-02-07 15:09:26.645root 11241100x8000000000000000691990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcbe412318cb15c2023-02-07 15:09:26.645root 11241100x8000000000000000691989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f024eea28e8f28aa2023-02-07 15:09:26.645root 11241100x8000000000000000691988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04dd1d0a3feb93f2023-02-07 15:09:26.645root 11241100x8000000000000000691987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae4ce7f63d9f7d72023-02-07 15:09:26.645root 11241100x8000000000000000691986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1214ab302ff5472023-02-07 15:09:26.645root 11241100x8000000000000000691985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06b6761d4096bf82023-02-07 15:09:26.645root 11241100x8000000000000000691984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafc42683175941a2023-02-07 15:09:26.645root 11241100x8000000000000000691983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50217227234a83bc2023-02-07 15:09:26.645root 11241100x8000000000000000691993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46f079555ba18b52023-02-07 15:09:27.095root 11241100x8000000000000000691998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c987bcc898687c262023-02-07 15:09:27.096root 11241100x8000000000000000691997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451dea1aa2bfaeef2023-02-07 15:09:27.096root 11241100x8000000000000000691996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7b4699677b56032023-02-07 15:09:27.096root 11241100x8000000000000000691995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25bbef1a40d3b042023-02-07 15:09:27.096root 11241100x8000000000000000691994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b6ba3db7d8d2ce2023-02-07 15:09:27.096root 11241100x8000000000000000692008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b91dd9a51d5d2c2023-02-07 15:09:27.097root 11241100x8000000000000000692007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18afb0b650404692023-02-07 15:09:27.097root 11241100x8000000000000000692006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d242e020009be72023-02-07 15:09:27.097root 11241100x8000000000000000692005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac8d89ab62440022023-02-07 15:09:27.097root 11241100x8000000000000000692004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c13d2ef47403af2023-02-07 15:09:27.097root 11241100x8000000000000000692003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a58e44be08e10ea2023-02-07 15:09:27.097root 11241100x8000000000000000692002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bc1d81b328886c2023-02-07 15:09:27.097root 11241100x8000000000000000692001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6678671ecaeded5d2023-02-07 15:09:27.097root 11241100x8000000000000000692000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41420a03d469b30e2023-02-07 15:09:27.097root 11241100x8000000000000000691999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac1d2e82cd39ea82023-02-07 15:09:27.097root 11241100x8000000000000000692023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f90861b5320a962023-02-07 15:09:27.098root 11241100x8000000000000000692022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a714283783560272023-02-07 15:09:27.098root 11241100x8000000000000000692021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc686fcf86353942023-02-07 15:09:27.098root 11241100x8000000000000000692020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2646a9d91992ba2023-02-07 15:09:27.098root 11241100x8000000000000000692019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8c560e94452f8f2023-02-07 15:09:27.098root 11241100x8000000000000000692018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22309960a14525ee2023-02-07 15:09:27.098root 11241100x8000000000000000692017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14160439b028227d2023-02-07 15:09:27.098root 11241100x8000000000000000692016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ceec5de89fa6a22023-02-07 15:09:27.098root 11241100x8000000000000000692015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30adc26316b95ae32023-02-07 15:09:27.098root 11241100x8000000000000000692014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d4e387df1841e22023-02-07 15:09:27.098root 11241100x8000000000000000692013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d86598f06b35592023-02-07 15:09:27.098root 11241100x8000000000000000692012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c559202e2cfd2ce82023-02-07 15:09:27.098root 11241100x8000000000000000692011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59ae3bcea42c2022023-02-07 15:09:27.098root 11241100x8000000000000000692010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3d4b7a9fe9f6462023-02-07 15:09:27.098root 11241100x8000000000000000692009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0215e85412384e2023-02-07 15:09:27.098root 11241100x8000000000000000692033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7fbe28183126ee2023-02-07 15:09:27.099root 11241100x8000000000000000692032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02916d5739c386f52023-02-07 15:09:27.099root 11241100x8000000000000000692031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4908154e03f9b67d2023-02-07 15:09:27.099root 11241100x8000000000000000692030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7aeac98e4dee7b12023-02-07 15:09:27.099root 11241100x8000000000000000692029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12bc65b939014b82023-02-07 15:09:27.099root 11241100x8000000000000000692028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72543c59649767642023-02-07 15:09:27.099root 11241100x8000000000000000692027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b104304dc27297fe2023-02-07 15:09:27.099root 11241100x8000000000000000692026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2590ab4d712820912023-02-07 15:09:27.099root 11241100x8000000000000000692025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7426a1dadf5bbf902023-02-07 15:09:27.099root 11241100x8000000000000000692024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f033883b83cf48282023-02-07 15:09:27.099root 11241100x8000000000000000692039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ec7ec3436de3b02023-02-07 15:09:27.595root 11241100x8000000000000000692038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f63acfeffeeba92023-02-07 15:09:27.595root 11241100x8000000000000000692037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f9d956b123b7c62023-02-07 15:09:27.595root 11241100x8000000000000000692036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1253b649c255b592023-02-07 15:09:27.595root 11241100x8000000000000000692035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90da0696ffa16d962023-02-07 15:09:27.595root 11241100x8000000000000000692034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06051d79cea56c902023-02-07 15:09:27.595root 11241100x8000000000000000692047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c40dce309d58c02023-02-07 15:09:27.596root 11241100x8000000000000000692046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3451449f5c555b192023-02-07 15:09:27.596root 11241100x8000000000000000692045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f85a38746734552023-02-07 15:09:27.596root 11241100x8000000000000000692044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f356c806b0fdbd2023-02-07 15:09:27.596root 11241100x8000000000000000692043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d6d7db44f8c5702023-02-07 15:09:27.596root 11241100x8000000000000000692042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79226186309e9eab2023-02-07 15:09:27.596root 11241100x8000000000000000692041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862fbfffe60644d32023-02-07 15:09:27.596root 11241100x8000000000000000692040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4154da92290fb0c92023-02-07 15:09:27.596root 11241100x8000000000000000692051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3e3b27f3e778742023-02-07 15:09:27.597root 11241100x8000000000000000692050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc9faa856b9bf1f2023-02-07 15:09:27.597root 11241100x8000000000000000692049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f267ffb7e48175c72023-02-07 15:09:27.597root 11241100x8000000000000000692048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45446976b7ace0662023-02-07 15:09:27.597root 11241100x8000000000000000692055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eb3c236712ef472023-02-07 15:09:27.598root 11241100x8000000000000000692054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759c1e03282e8a222023-02-07 15:09:27.598root 11241100x8000000000000000692053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8b126aa4e2a0ed2023-02-07 15:09:27.598root 11241100x8000000000000000692052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5428eaa2649055f32023-02-07 15:09:27.598root 11241100x8000000000000000692059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369d2d3fe05562732023-02-07 15:09:27.599root 11241100x8000000000000000692058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc7e633d00da2202023-02-07 15:09:27.599root 11241100x8000000000000000692057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f910441a7d2de9e02023-02-07 15:09:27.599root 11241100x8000000000000000692056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59267b8a45a8a9c32023-02-07 15:09:27.599root 11241100x8000000000000000692063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d2f02dec7f4ead2023-02-07 15:09:27.600root 11241100x8000000000000000692062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca91e19cdd82e04f2023-02-07 15:09:27.600root 11241100x8000000000000000692061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6041a9cfe2cb5462023-02-07 15:09:27.600root 11241100x8000000000000000692060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00d5648fb16ac8c2023-02-07 15:09:27.600root 11241100x8000000000000000692067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5083e725fe1df8782023-02-07 15:09:27.601root 11241100x8000000000000000692066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6a52ab50bd325b2023-02-07 15:09:27.601root 11241100x8000000000000000692065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50c83dbdf81d9252023-02-07 15:09:27.601root 11241100x8000000000000000692064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0a161b725617c42023-02-07 15:09:27.601root 11241100x8000000000000000692072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd0ab644d0c535c2023-02-07 15:09:27.602root 11241100x8000000000000000692071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0884f9b688af2892023-02-07 15:09:27.602root 11241100x8000000000000000692070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36925bfc553d09072023-02-07 15:09:27.602root 11241100x8000000000000000692069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e8ca16cf6ec1e82023-02-07 15:09:27.602root 11241100x8000000000000000692068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114430aa3d7ecf0b2023-02-07 15:09:27.602root 23542300x8000000000000000692073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.734{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000692075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe9de56686f39f32023-02-07 15:09:28.095root 11241100x8000000000000000692074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7d34e79b129c232023-02-07 15:09:28.095root 11241100x8000000000000000692082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c018266fca0fe52023-02-07 15:09:28.096root 11241100x8000000000000000692081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d371773f02706fe52023-02-07 15:09:28.096root 11241100x8000000000000000692080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe255784ed7d452f2023-02-07 15:09:28.096root 11241100x8000000000000000692079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b1d81917618a872023-02-07 15:09:28.096root 11241100x8000000000000000692078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409dc5c6f2395dd22023-02-07 15:09:28.096root 11241100x8000000000000000692077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b24c42ae92579d92023-02-07 15:09:28.096root 11241100x8000000000000000692076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39af685d553b4e12023-02-07 15:09:28.096root 11241100x8000000000000000692088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39ffc3c454192452023-02-07 15:09:28.097root 11241100x8000000000000000692087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cac20e516028f02023-02-07 15:09:28.097root 11241100x8000000000000000692086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db64ca4c3891d9f32023-02-07 15:09:28.097root 11241100x8000000000000000692085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64de659709df646f2023-02-07 15:09:28.097root 11241100x8000000000000000692084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1739a936512d4b6c2023-02-07 15:09:28.097root 11241100x8000000000000000692083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08e4c4b09e5a7362023-02-07 15:09:28.097root 11241100x8000000000000000692091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89a022d4bc4c9902023-02-07 15:09:28.098root 11241100x8000000000000000692090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0a8d3eed5782192023-02-07 15:09:28.098root 11241100x8000000000000000692089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cdefa575f39dcb2023-02-07 15:09:28.098root 11241100x8000000000000000692095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c58c2625a7232d2023-02-07 15:09:28.099root 11241100x8000000000000000692094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6e292257516d372023-02-07 15:09:28.099root 11241100x8000000000000000692093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264224a065e95d372023-02-07 15:09:28.099root 11241100x8000000000000000692092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cc7ce4e4157b3b2023-02-07 15:09:28.099root 11241100x8000000000000000692106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ec9be1b62262ab2023-02-07 15:09:28.100root 11241100x8000000000000000692105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b37eccb2f9c85f2023-02-07 15:09:28.100root 11241100x8000000000000000692104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267122acc94fe3e72023-02-07 15:09:28.100root 11241100x8000000000000000692103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd841065e70fb4ff2023-02-07 15:09:28.100root 11241100x8000000000000000692102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b351e041e3fc322a2023-02-07 15:09:28.100root 11241100x8000000000000000692101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945992d3ce650ed42023-02-07 15:09:28.100root 11241100x8000000000000000692100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79cf43d54e077842023-02-07 15:09:28.100root 11241100x8000000000000000692099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca7f66b8e918e242023-02-07 15:09:28.100root 11241100x8000000000000000692098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e82f0d1b2467d42023-02-07 15:09:28.100root 11241100x8000000000000000692097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584cb76a6380b99d2023-02-07 15:09:28.100root 11241100x8000000000000000692096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0f876960e82a472023-02-07 15:09:28.100root 11241100x8000000000000000692114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94e96c0a7d5a4db2023-02-07 15:09:28.101root 11241100x8000000000000000692113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90eada6683db70a52023-02-07 15:09:28.101root 11241100x8000000000000000692112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42384d97faea29562023-02-07 15:09:28.101root 11241100x8000000000000000692111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fc41c2083701462023-02-07 15:09:28.101root 11241100x8000000000000000692110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0c609e231b8ab82023-02-07 15:09:28.101root 11241100x8000000000000000692109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08554b75a3858aa2023-02-07 15:09:28.101root 11241100x8000000000000000692108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd041011cefd96b2023-02-07 15:09:28.101root 11241100x8000000000000000692107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7131f7ad26ca4d2023-02-07 15:09:28.101root 11241100x8000000000000000692119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386ec25ebdb161e12023-02-07 15:09:28.102root 11241100x8000000000000000692118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e728606bfe60a5342023-02-07 15:09:28.102root 11241100x8000000000000000692117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e06682916901ec2023-02-07 15:09:28.102root 11241100x8000000000000000692116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024a1b20631a3c202023-02-07 15:09:28.102root 11241100x8000000000000000692115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d867150a086a442023-02-07 15:09:28.102root 11241100x8000000000000000692125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86494fcc0cadd1e2023-02-07 15:09:28.103root 11241100x8000000000000000692124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbae7b7d41430fd2023-02-07 15:09:28.103root 11241100x8000000000000000692123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9821084d0313e1c2023-02-07 15:09:28.103root 11241100x8000000000000000692122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79121c7c5acbd6ff2023-02-07 15:09:28.103root 11241100x8000000000000000692121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5a55548ddda19a2023-02-07 15:09:28.103root 11241100x8000000000000000692120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d1df62f0e891672023-02-07 15:09:28.103root 11241100x8000000000000000692126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e64d3f8b2774c22023-02-07 15:09:28.104root 11241100x8000000000000000692129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354a71bbaeff36402023-02-07 15:09:28.595root 11241100x8000000000000000692128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1448c5b6075a742023-02-07 15:09:28.595root 11241100x8000000000000000692127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f697347bb6a640d32023-02-07 15:09:28.595root 11241100x8000000000000000692139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a1ce7be94f09c12023-02-07 15:09:28.596root 11241100x8000000000000000692138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42136c95bc0aba022023-02-07 15:09:28.596root 11241100x8000000000000000692137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b0a331e2bb08f02023-02-07 15:09:28.596root 11241100x8000000000000000692136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a833e5a5e48faab2023-02-07 15:09:28.596root 11241100x8000000000000000692135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0928ab19df218192023-02-07 15:09:28.596root 11241100x8000000000000000692134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfbc0c8fd7a87c12023-02-07 15:09:28.596root 11241100x8000000000000000692133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff9a9939b247aea2023-02-07 15:09:28.596root 11241100x8000000000000000692132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4313062b861500b82023-02-07 15:09:28.596root 11241100x8000000000000000692131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4298475f4fb03a2023-02-07 15:09:28.596root 11241100x8000000000000000692130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b0138ee6e0b4e52023-02-07 15:09:28.596root 11241100x8000000000000000692148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec6f6ec30816fdb2023-02-07 15:09:28.597root 11241100x8000000000000000692147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61611bd64cf6b2922023-02-07 15:09:28.597root 11241100x8000000000000000692146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb7eb785a681eb82023-02-07 15:09:28.597root 11241100x8000000000000000692145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da8c264c80a8ae42023-02-07 15:09:28.597root 11241100x8000000000000000692144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9514562fef8d768f2023-02-07 15:09:28.597root 11241100x8000000000000000692143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa0fe3ee90e3bec2023-02-07 15:09:28.597root 11241100x8000000000000000692142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b299a165b9e3c52023-02-07 15:09:28.597root 11241100x8000000000000000692141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21dc347606148362023-02-07 15:09:28.597root 11241100x8000000000000000692140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9946e6a4c83afc812023-02-07 15:09:28.597root 11241100x8000000000000000692160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5271b857c05d31112023-02-07 15:09:28.598root 11241100x8000000000000000692159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0f21a09ea2738f2023-02-07 15:09:28.598root 11241100x8000000000000000692158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84da9dc086257d4d2023-02-07 15:09:28.598root 11241100x8000000000000000692157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4c28f67e9d94c12023-02-07 15:09:28.598root 11241100x8000000000000000692156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e799e7c85bd946e2023-02-07 15:09:28.598root 11241100x8000000000000000692155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b628a1bf4cc8d9b32023-02-07 15:09:28.598root 11241100x8000000000000000692154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051be8ea4b4cc6592023-02-07 15:09:28.598root 11241100x8000000000000000692153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8632b1557130ba922023-02-07 15:09:28.598root 11241100x8000000000000000692152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0198a236966d49262023-02-07 15:09:28.598root 11241100x8000000000000000692151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9603faa2c20980b02023-02-07 15:09:28.598root 11241100x8000000000000000692150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930b2bcc522970f82023-02-07 15:09:28.598root 11241100x8000000000000000692149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06898f3bb35793522023-02-07 15:09:28.598root 11241100x8000000000000000692175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ca4e67a6df4db22023-02-07 15:09:28.599root 11241100x8000000000000000692174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bbd86ee827822d2023-02-07 15:09:28.599root 11241100x8000000000000000692173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558a5405435268fe2023-02-07 15:09:28.599root 11241100x8000000000000000692172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a489a86dfbdd49462023-02-07 15:09:28.599root 11241100x8000000000000000692171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5739769e417ee82023-02-07 15:09:28.599root 11241100x8000000000000000692170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38f5e3c88437bb12023-02-07 15:09:28.599root 11241100x8000000000000000692169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d0d9d0d0cbdcd02023-02-07 15:09:28.599root 11241100x8000000000000000692168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebd004bb2ed631d2023-02-07 15:09:28.599root 11241100x8000000000000000692167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d01046f30e70f602023-02-07 15:09:28.599root 11241100x8000000000000000692166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc28686c36b72852023-02-07 15:09:28.599root 11241100x8000000000000000692165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93024732973a4a692023-02-07 15:09:28.599root 11241100x8000000000000000692164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f099491beb0e222023-02-07 15:09:28.599root 11241100x8000000000000000692163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb69039d9856c5db2023-02-07 15:09:28.599root 11241100x8000000000000000692162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dce1b2eba1151c92023-02-07 15:09:28.599root 11241100x8000000000000000692161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f107172cd237536e2023-02-07 15:09:28.599root 11241100x8000000000000000692191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edbc042f7f022662023-02-07 15:09:28.600root 11241100x8000000000000000692190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e920f84c90d4452023-02-07 15:09:28.600root 11241100x8000000000000000692189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599626786ab94f6a2023-02-07 15:09:28.600root 11241100x8000000000000000692188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649c59063ed57fa22023-02-07 15:09:28.600root 11241100x8000000000000000692187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbe781562fa1a7a2023-02-07 15:09:28.600root 11241100x8000000000000000692186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc414a5ce72fee0a2023-02-07 15:09:28.600root 11241100x8000000000000000692185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7320f91e5dff5612023-02-07 15:09:28.600root 11241100x8000000000000000692184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554c5a81ff8599ab2023-02-07 15:09:28.600root 11241100x8000000000000000692183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104694f718e178b02023-02-07 15:09:28.600root 11241100x8000000000000000692182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af106db6dbdadc02023-02-07 15:09:28.600root 11241100x8000000000000000692181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8973659b7d3b88122023-02-07 15:09:28.600root 11241100x8000000000000000692180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0970005bb4c3402023-02-07 15:09:28.600root 11241100x8000000000000000692179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f2bc88702d5c352023-02-07 15:09:28.600root 11241100x8000000000000000692178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e50273a4052f8b72023-02-07 15:09:28.600root 11241100x8000000000000000692177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d6c6b6c3d67fea2023-02-07 15:09:28.600root 11241100x8000000000000000692176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc21e37ca0543c112023-02-07 15:09:28.600root 11241100x8000000000000000692207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dd15c6b6da4b3f2023-02-07 15:09:28.601root 11241100x8000000000000000692206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726af79ea16174752023-02-07 15:09:28.601root 11241100x8000000000000000692205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead5d3eaca9b2e722023-02-07 15:09:28.601root 11241100x8000000000000000692204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5f564e2fb231852023-02-07 15:09:28.601root 11241100x8000000000000000692203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b94a048fb632f8b2023-02-07 15:09:28.601root 11241100x8000000000000000692202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4efcaf22b9b51232023-02-07 15:09:28.601root 11241100x8000000000000000692201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702b15d24e5410e52023-02-07 15:09:28.601root 11241100x8000000000000000692200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4eda269d1f5969a2023-02-07 15:09:28.601root 11241100x8000000000000000692199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357fb8d4820b06232023-02-07 15:09:28.601root 11241100x8000000000000000692198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af49bc03160e10c42023-02-07 15:09:28.601root 11241100x8000000000000000692197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162442236b2412a32023-02-07 15:09:28.601root 11241100x8000000000000000692196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82c5db14f6bd8442023-02-07 15:09:28.601root 11241100x8000000000000000692195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18386c6c83e1c0462023-02-07 15:09:28.601root 11241100x8000000000000000692194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74f7ec00b3b0fef2023-02-07 15:09:28.601root 11241100x8000000000000000692193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e92803f1118f0d72023-02-07 15:09:28.601root 11241100x8000000000000000692192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360491a15db289d52023-02-07 15:09:28.601root 11241100x8000000000000000692223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0804168fd442472023-02-07 15:09:28.602root 11241100x8000000000000000692222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f69e1b47305cac2023-02-07 15:09:28.602root 11241100x8000000000000000692221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c0e86aaef31e072023-02-07 15:09:28.602root 11241100x8000000000000000692220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6be57be907d4d602023-02-07 15:09:28.602root 11241100x8000000000000000692219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766358f0eb4494a52023-02-07 15:09:28.602root 11241100x8000000000000000692218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb5a656a230880a2023-02-07 15:09:28.602root 11241100x8000000000000000692217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa5356ca583b8322023-02-07 15:09:28.602root 11241100x8000000000000000692216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ac878e9943ca8f2023-02-07 15:09:28.602root 11241100x8000000000000000692215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798f3132ad12494d2023-02-07 15:09:28.602root 11241100x8000000000000000692214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d209f566d55344502023-02-07 15:09:28.602root 11241100x8000000000000000692213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2594ee0b2790d55c2023-02-07 15:09:28.602root 11241100x8000000000000000692212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87744692b50996f72023-02-07 15:09:28.602root 11241100x8000000000000000692211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1251f18b3e87baf2023-02-07 15:09:28.602root 11241100x8000000000000000692210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8ab330550caf332023-02-07 15:09:28.602root 11241100x8000000000000000692209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ded32a0ea3f75f2023-02-07 15:09:28.602root 11241100x8000000000000000692208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc22e365c5c3ba12023-02-07 15:09:28.602root 11241100x8000000000000000692229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5072c9ef5cdf1dc72023-02-07 15:09:28.603root 11241100x8000000000000000692228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d22501a90cebfeb2023-02-07 15:09:28.603root 11241100x8000000000000000692227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2afc337aa01a5c2023-02-07 15:09:28.603root 11241100x8000000000000000692226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49081f571743cf752023-02-07 15:09:28.603root 11241100x8000000000000000692225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9a3b67d5887fa92023-02-07 15:09:28.603root 11241100x8000000000000000692224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cb24b2288cd3052023-02-07 15:09:28.603root 11241100x8000000000000000692238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbe14fa58415a2d2023-02-07 15:09:28.604root 11241100x8000000000000000692237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dccd1cf0492f8c2023-02-07 15:09:28.604root 11241100x8000000000000000692236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a587ae4eb080142023-02-07 15:09:28.604root 11241100x8000000000000000692235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b22f641c16970ee2023-02-07 15:09:28.604root 11241100x8000000000000000692234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1efa9b4c2df861a2023-02-07 15:09:28.604root 11241100x8000000000000000692233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e14875ef226dfa2023-02-07 15:09:28.604root 11241100x8000000000000000692232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04cdf6213b930e92023-02-07 15:09:28.604root 11241100x8000000000000000692231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f6b693a0df97562023-02-07 15:09:28.604root 11241100x8000000000000000692230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458444440242bf8a2023-02-07 15:09:28.604root 11241100x8000000000000000692241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fa38a0ed8baf572023-02-07 15:09:28.605root 11241100x8000000000000000692240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114d51439bedb62b2023-02-07 15:09:28.605root 11241100x8000000000000000692239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292581a4715f4eb52023-02-07 15:09:28.605root 11241100x8000000000000000692245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4631f4c7f91bfb2023-02-07 15:09:29.095root 11241100x8000000000000000692244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc7f2dc416b7b522023-02-07 15:09:29.095root 11241100x8000000000000000692243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6254b28fe2cb77d2023-02-07 15:09:29.095root 11241100x8000000000000000692242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb270ffe92123982023-02-07 15:09:29.095root 11241100x8000000000000000692248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac65378e65f8dbca2023-02-07 15:09:29.096root 11241100x8000000000000000692247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65459c597ba98f6c2023-02-07 15:09:29.096root 11241100x8000000000000000692246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1ca8afca136adc2023-02-07 15:09:29.096root 11241100x8000000000000000692251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8835e585077acb12023-02-07 15:09:29.097root 11241100x8000000000000000692250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f2ee41aae990e92023-02-07 15:09:29.097root 11241100x8000000000000000692249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e68eefb41a4c4bf2023-02-07 15:09:29.097root 11241100x8000000000000000692253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15641876572318272023-02-07 15:09:29.098root 11241100x8000000000000000692252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0205d9ef61943bb52023-02-07 15:09:29.098root 11241100x8000000000000000692259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7018a314a44f2b3d2023-02-07 15:09:29.099root 11241100x8000000000000000692258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f73aafc48e3fa922023-02-07 15:09:29.099root 11241100x8000000000000000692257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d819973c9451422023-02-07 15:09:29.099root 11241100x8000000000000000692256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b76d5a7579b3c412023-02-07 15:09:29.099root 11241100x8000000000000000692255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e355c91ce93e25f72023-02-07 15:09:29.099root 11241100x8000000000000000692254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6495897b98d89e792023-02-07 15:09:29.099root 11241100x8000000000000000692268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f90b94fdab1c4a2023-02-07 15:09:29.100root 11241100x8000000000000000692267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80d29c4ed2d162e2023-02-07 15:09:29.100root 11241100x8000000000000000692266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ab6ed13f2185922023-02-07 15:09:29.100root 11241100x8000000000000000692265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3cb72ee04069e42023-02-07 15:09:29.100root 11241100x8000000000000000692264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53c5d9165b3a7172023-02-07 15:09:29.100root 11241100x8000000000000000692263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a841c60686f3572023-02-07 15:09:29.100root 11241100x8000000000000000692262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96e4bb49279feb12023-02-07 15:09:29.100root 11241100x8000000000000000692261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79c92da1388db032023-02-07 15:09:29.100root 11241100x8000000000000000692260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f7f4f87bd6ba2f2023-02-07 15:09:29.100root 11241100x8000000000000000692277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e7cc9094b215992023-02-07 15:09:29.101root 11241100x8000000000000000692276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c369ab29ea99be72023-02-07 15:09:29.101root 11241100x8000000000000000692275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c41cfef2d8604312023-02-07 15:09:29.101root 11241100x8000000000000000692274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8edcbc18f6ec4452023-02-07 15:09:29.101root 11241100x8000000000000000692273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060f67937c92b0e92023-02-07 15:09:29.101root 11241100x8000000000000000692272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6203cee76dd0b9d02023-02-07 15:09:29.101root 11241100x8000000000000000692271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0a7157bd84f4142023-02-07 15:09:29.101root 11241100x8000000000000000692270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d539da8c54e587c2023-02-07 15:09:29.101root 11241100x8000000000000000692269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5b40cd082de3c12023-02-07 15:09:29.101root 11241100x8000000000000000692284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85cc10b66275f952023-02-07 15:09:29.102root 11241100x8000000000000000692283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4107400b58851372023-02-07 15:09:29.102root 11241100x8000000000000000692282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45e43a275c560a52023-02-07 15:09:29.102root 11241100x8000000000000000692281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ee9bac6b12fc8e2023-02-07 15:09:29.102root 11241100x8000000000000000692280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4db93418f57f9dd2023-02-07 15:09:29.102root 11241100x8000000000000000692279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcfb241ad34ebdd2023-02-07 15:09:29.102root 11241100x8000000000000000692278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7747709c92866f12023-02-07 15:09:29.102root 11241100x8000000000000000692288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a1ae9058b445a32023-02-07 15:09:29.103root 11241100x8000000000000000692287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c44ab1649a75a12023-02-07 15:09:29.103root 11241100x8000000000000000692286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52831296f06b1412023-02-07 15:09:29.103root 11241100x8000000000000000692285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47dc8f1863758372023-02-07 15:09:29.103root 11241100x8000000000000000692292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbba96e2896f30f22023-02-07 15:09:29.104root 11241100x8000000000000000692291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b173aef86d1c5a2023-02-07 15:09:29.104root 11241100x8000000000000000692290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8425baeb7de39f2023-02-07 15:09:29.104root 11241100x8000000000000000692289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02cab9452220d7f2023-02-07 15:09:29.104root 11241100x8000000000000000692297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31785ff744e561a52023-02-07 15:09:29.105root 11241100x8000000000000000692296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4262877910e553302023-02-07 15:09:29.105root 11241100x8000000000000000692295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a2b41f92c9997e2023-02-07 15:09:29.105root 11241100x8000000000000000692294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1065c4fdd8b17ee2023-02-07 15:09:29.105root 11241100x8000000000000000692293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9226dc8686f5fa672023-02-07 15:09:29.105root 11241100x8000000000000000692304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7c47057ccc6dd02023-02-07 15:09:29.106root 11241100x8000000000000000692303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a77f95bff54fb4a2023-02-07 15:09:29.106root 11241100x8000000000000000692302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a87c983009a92f2023-02-07 15:09:29.106root 11241100x8000000000000000692301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe50de7007a1eae62023-02-07 15:09:29.106root 11241100x8000000000000000692300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd41924994d19dfa2023-02-07 15:09:29.106root 11241100x8000000000000000692299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d795a74bcb846d572023-02-07 15:09:29.106root 11241100x8000000000000000692298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f291cba670603d652023-02-07 15:09:29.106root 11241100x8000000000000000692308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c6d8d2436deda72023-02-07 15:09:29.107root 11241100x8000000000000000692307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a45f827b614c3e2023-02-07 15:09:29.107root 11241100x8000000000000000692306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d00963542713712023-02-07 15:09:29.107root 11241100x8000000000000000692305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62c8c1176be355b2023-02-07 15:09:29.107root 11241100x8000000000000000692312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976c7cddf37c9aed2023-02-07 15:09:29.595root 11241100x8000000000000000692311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9922493ec0bff9da2023-02-07 15:09:29.595root 11241100x8000000000000000692310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689d764b590bcf782023-02-07 15:09:29.595root 11241100x8000000000000000692309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3691c1ca1eff8bf82023-02-07 15:09:29.595root 11241100x8000000000000000692318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d990f6d24230d32023-02-07 15:09:29.596root 11241100x8000000000000000692317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf1ef414f1d7d622023-02-07 15:09:29.596root 11241100x8000000000000000692316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9bdd7b6ffa73182023-02-07 15:09:29.596root 11241100x8000000000000000692315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befb6d41d5d4fbc92023-02-07 15:09:29.596root 11241100x8000000000000000692314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa5d66946fe81c22023-02-07 15:09:29.596root 11241100x8000000000000000692313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076348d5a00963bd2023-02-07 15:09:29.596root 11241100x8000000000000000692323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d892cdaeb0608222023-02-07 15:09:29.597root 11241100x8000000000000000692322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645277fe6fc53a5b2023-02-07 15:09:29.597root 11241100x8000000000000000692321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dbcf7ce83a73fc2023-02-07 15:09:29.597root 11241100x8000000000000000692320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3e390bafcb56952023-02-07 15:09:29.597root 11241100x8000000000000000692319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96eea79a7bbfeca2023-02-07 15:09:29.597root 11241100x8000000000000000692328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30244adbb2bd2582023-02-07 15:09:29.598root 11241100x8000000000000000692327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7792ec84c766bd6f2023-02-07 15:09:29.598root 11241100x8000000000000000692326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd42b5d3940070372023-02-07 15:09:29.598root 11241100x8000000000000000692325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f34bf9ad11e0c5f2023-02-07 15:09:29.598root 11241100x8000000000000000692324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506fb999b2b76b6b2023-02-07 15:09:29.598root 11241100x8000000000000000692332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef1bf52602269a62023-02-07 15:09:29.599root 11241100x8000000000000000692331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfce934d6c6d86c2023-02-07 15:09:29.599root 11241100x8000000000000000692330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e679eb6da99054c72023-02-07 15:09:29.599root 11241100x8000000000000000692329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72da9e562ba93bf2023-02-07 15:09:29.599root 11241100x8000000000000000692337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e6614f52e928802023-02-07 15:09:29.600root 11241100x8000000000000000692336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ae2bdd47b99b492023-02-07 15:09:29.600root 11241100x8000000000000000692335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedfd745d19700862023-02-07 15:09:29.600root 11241100x8000000000000000692334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccaec800b5cb8172023-02-07 15:09:29.600root 11241100x8000000000000000692333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cfbcb7043bbb332023-02-07 15:09:29.600root 11241100x8000000000000000692342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5146333627aacc052023-02-07 15:09:29.601root 11241100x8000000000000000692341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9691616d34452daf2023-02-07 15:09:29.601root 11241100x8000000000000000692340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3bcd30aac8e25e2023-02-07 15:09:29.601root 11241100x8000000000000000692339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6476ce30a3371362023-02-07 15:09:29.601root 11241100x8000000000000000692338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41577d312a8a59a2023-02-07 15:09:29.601root 11241100x8000000000000000692346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d54babc36f6af4b2023-02-07 15:09:29.602root 11241100x8000000000000000692345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ac141a3ee2763b2023-02-07 15:09:29.602root 11241100x8000000000000000692344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7550969370ccda932023-02-07 15:09:29.602root 11241100x8000000000000000692343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64fa8931d684b9672023-02-07 15:09:29.602root 11241100x8000000000000000692351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601e5791b4f6ec812023-02-07 15:09:29.603root 11241100x8000000000000000692350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aed173a1891d2b2023-02-07 15:09:29.603root 11241100x8000000000000000692349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06b1e7b4740be0a2023-02-07 15:09:29.603root 11241100x8000000000000000692348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1054da744bd5cd592023-02-07 15:09:29.603root 11241100x8000000000000000692347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a74528a0faad5e2023-02-07 15:09:29.603root 11241100x8000000000000000692355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab395992deee5c232023-02-07 15:09:29.604root 11241100x8000000000000000692354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15916a5d12a4c47a2023-02-07 15:09:29.604root 11241100x8000000000000000692353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9a4e54a93c08712023-02-07 15:09:29.604root 11241100x8000000000000000692352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a253006aca2ccb2023-02-07 15:09:29.604root 11241100x8000000000000000692359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b81ae7a597afc6e2023-02-07 15:09:29.605root 11241100x8000000000000000692358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cf36473477386b2023-02-07 15:09:29.605root 11241100x8000000000000000692357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fa0d1afaa2e6ef2023-02-07 15:09:29.605root 11241100x8000000000000000692356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6a0bf2a2cc02482023-02-07 15:09:29.605root 11241100x8000000000000000692363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3833d3b23ff4565b2023-02-07 15:09:29.606root 11241100x8000000000000000692362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929e294c6c2a0e682023-02-07 15:09:29.606root 11241100x8000000000000000692361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbd2e9ad82ce9602023-02-07 15:09:29.606root 11241100x8000000000000000692360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd02c161e06c3b282023-02-07 15:09:29.606root 11241100x8000000000000000692368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af1aa1c6e9bce662023-02-07 15:09:29.607root 11241100x8000000000000000692367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9975b76d14c4ef732023-02-07 15:09:29.607root 11241100x8000000000000000692366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a866fa7c34c9662023-02-07 15:09:29.607root 11241100x8000000000000000692365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6731b47a93fde92023-02-07 15:09:29.607root 11241100x8000000000000000692364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fafb30930063102023-02-07 15:09:29.607root 11241100x8000000000000000692369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.608{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684f4964531010f12023-02-07 15:09:29.608root 11241100x8000000000000000692371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27b35aac5d36ce52023-02-07 15:09:30.095root 11241100x8000000000000000692370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4587ca911b302f02023-02-07 15:09:30.095root 11241100x8000000000000000692379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cc62a5276584b92023-02-07 15:09:30.096root 11241100x8000000000000000692378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e40859fd9741d52023-02-07 15:09:30.096root 11241100x8000000000000000692377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f28b76ce49a33f2023-02-07 15:09:30.096root 11241100x8000000000000000692376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cb35a38401aaea2023-02-07 15:09:30.096root 11241100x8000000000000000692375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d164aa287cdcc3d02023-02-07 15:09:30.096root 11241100x8000000000000000692374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2005c01cb78acb2023-02-07 15:09:30.096root 11241100x8000000000000000692373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da21e8b0208a3ffb2023-02-07 15:09:30.096root 11241100x8000000000000000692372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55396548a6c9ab082023-02-07 15:09:30.096root 11241100x8000000000000000692389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da8187682478e792023-02-07 15:09:30.097root 11241100x8000000000000000692388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37fa8797f6451982023-02-07 15:09:30.097root 11241100x8000000000000000692387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99f203eee7c695e2023-02-07 15:09:30.097root 11241100x8000000000000000692386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976535fc4cd1ed962023-02-07 15:09:30.097root 11241100x8000000000000000692385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d935715114b7312023-02-07 15:09:30.097root 11241100x8000000000000000692384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271bd583512e27292023-02-07 15:09:30.097root 11241100x8000000000000000692383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48281e35348baebb2023-02-07 15:09:30.097root 11241100x8000000000000000692382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf9ae5b183d6a672023-02-07 15:09:30.097root 11241100x8000000000000000692381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5095c5f008d43d3a2023-02-07 15:09:30.097root 11241100x8000000000000000692380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283f3aea7bcea4db2023-02-07 15:09:30.097root 11241100x8000000000000000692400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021fb9380760a8002023-02-07 15:09:30.098root 11241100x8000000000000000692399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04217198dcac86372023-02-07 15:09:30.098root 11241100x8000000000000000692398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a459892cf1af1d2023-02-07 15:09:30.098root 11241100x8000000000000000692397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b316075f461f57f2023-02-07 15:09:30.098root 11241100x8000000000000000692396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f55df107fe34e612023-02-07 15:09:30.098root 11241100x8000000000000000692395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7369c6febcd18452023-02-07 15:09:30.098root 11241100x8000000000000000692394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb0f0467b8236962023-02-07 15:09:30.098root 11241100x8000000000000000692393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f86d49acbafb482023-02-07 15:09:30.098root 11241100x8000000000000000692392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2701f2f2739161ca2023-02-07 15:09:30.098root 11241100x8000000000000000692391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff527e3879c7d312023-02-07 15:09:30.098root 11241100x8000000000000000692390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53da9d496451b9b22023-02-07 15:09:30.098root 11241100x8000000000000000692410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97224bf4fae746fa2023-02-07 15:09:30.099root 11241100x8000000000000000692409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe115782b09d04d72023-02-07 15:09:30.099root 11241100x8000000000000000692408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e587366934b6d72e2023-02-07 15:09:30.099root 11241100x8000000000000000692407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb420197e34e8bd32023-02-07 15:09:30.099root 11241100x8000000000000000692406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28fbdfdc050452a2023-02-07 15:09:30.099root 11241100x8000000000000000692405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ca24f8cd5b409f2023-02-07 15:09:30.099root 11241100x8000000000000000692404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4910635441ac26142023-02-07 15:09:30.099root 11241100x8000000000000000692403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04355cac9687e5f62023-02-07 15:09:30.099root 11241100x8000000000000000692402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f05ac5d3f8fd542023-02-07 15:09:30.099root 11241100x8000000000000000692401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8772ef0fc820a1d2023-02-07 15:09:30.099root 11241100x8000000000000000692412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83acffe12d786df2023-02-07 15:09:30.100root 11241100x8000000000000000692411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c302fd44b2b2dce2023-02-07 15:09:30.100root 11241100x8000000000000000692416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f9b476e34c02b72023-02-07 15:09:30.595root 11241100x8000000000000000692415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a747a8cecd0075162023-02-07 15:09:30.595root 11241100x8000000000000000692414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93623194d6d284a2023-02-07 15:09:30.595root 11241100x8000000000000000692413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343712b645020dcc2023-02-07 15:09:30.595root 11241100x8000000000000000692420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e12129ab43f17c2023-02-07 15:09:30.596root 11241100x8000000000000000692419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1134429a86139c672023-02-07 15:09:30.596root 11241100x8000000000000000692418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b92bd36b48c98c42023-02-07 15:09:30.596root 11241100x8000000000000000692417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f59d68d9be95d842023-02-07 15:09:30.596root 11241100x8000000000000000692424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a188b38566aecc2023-02-07 15:09:30.597root 11241100x8000000000000000692423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa26f2eee1d7bb42023-02-07 15:09:30.597root 11241100x8000000000000000692422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4e79d405c23a342023-02-07 15:09:30.597root 11241100x8000000000000000692421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec7f098b6748e3d2023-02-07 15:09:30.597root 11241100x8000000000000000692431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c6784982a72ec02023-02-07 15:09:30.598root 11241100x8000000000000000692430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b5da8b5260df122023-02-07 15:09:30.598root 11241100x8000000000000000692429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f27e4d4ad9c79da2023-02-07 15:09:30.598root 11241100x8000000000000000692428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6acc06c46c0a002023-02-07 15:09:30.598root 11241100x8000000000000000692427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545e1ff8be3438152023-02-07 15:09:30.598root 11241100x8000000000000000692426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bb5c22f242e1412023-02-07 15:09:30.598root 11241100x8000000000000000692425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5c94edd9960eff2023-02-07 15:09:30.598root 11241100x8000000000000000692437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f97e62214b08872023-02-07 15:09:30.599root 11241100x8000000000000000692436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e7cdc505567a852023-02-07 15:09:30.599root 11241100x8000000000000000692435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b571d4bee4b485442023-02-07 15:09:30.599root 11241100x8000000000000000692434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d098bd52075ed092023-02-07 15:09:30.599root 11241100x8000000000000000692433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6ee29c16a588692023-02-07 15:09:30.599root 11241100x8000000000000000692432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39446f18466d54d2023-02-07 15:09:30.599root 11241100x8000000000000000692444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6304f463f07d061e2023-02-07 15:09:30.600root 11241100x8000000000000000692443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d9dbe8bea163b32023-02-07 15:09:30.600root 11241100x8000000000000000692442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef684dfbb1acedf2023-02-07 15:09:30.600root 11241100x8000000000000000692441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ef3f83c04dcd702023-02-07 15:09:30.600root 11241100x8000000000000000692440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c43b4bd4c5798a12023-02-07 15:09:30.600root 11241100x8000000000000000692439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1200f4428648032c2023-02-07 15:09:30.600root 11241100x8000000000000000692438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac03631ab8848d92023-02-07 15:09:30.600root 11241100x8000000000000000692448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37ae2889a0a2aab2023-02-07 15:09:30.601root 11241100x8000000000000000692447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec893a02516d9c02023-02-07 15:09:30.601root 11241100x8000000000000000692446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154d73731cbf45c12023-02-07 15:09:30.601root 11241100x8000000000000000692445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a880b7e8016cc12023-02-07 15:09:30.601root 11241100x8000000000000000692450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdecf21fee247702023-02-07 15:09:31.095root 11241100x8000000000000000692449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bad76eb9422d6a22023-02-07 15:09:31.095root 11241100x8000000000000000692455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e22ca555f80734d2023-02-07 15:09:31.096root 11241100x8000000000000000692454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275c98b81377b23c2023-02-07 15:09:31.096root 11241100x8000000000000000692453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e74431f6813958f2023-02-07 15:09:31.096root 11241100x8000000000000000692452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0619582b45f909892023-02-07 15:09:31.096root 11241100x8000000000000000692451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7947406cc9bdab32023-02-07 15:09:31.096root 11241100x8000000000000000692464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015e600f293e8b3b2023-02-07 15:09:31.097root 11241100x8000000000000000692463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee6f9745ceadd972023-02-07 15:09:31.097root 11241100x8000000000000000692462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbb57750de15cf52023-02-07 15:09:31.097root 11241100x8000000000000000692461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50bcba220f767fb2023-02-07 15:09:31.097root 11241100x8000000000000000692460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7df1372aaf59752023-02-07 15:09:31.097root 11241100x8000000000000000692459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bffd8658b736332023-02-07 15:09:31.097root 11241100x8000000000000000692458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8586512abbd3ce62023-02-07 15:09:31.097root 11241100x8000000000000000692457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a645ec3a39c1baa2023-02-07 15:09:31.097root 11241100x8000000000000000692456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1199664a64d7aac2023-02-07 15:09:31.097root 11241100x8000000000000000692467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140a1350ba73bc392023-02-07 15:09:31.098root 11241100x8000000000000000692466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41789c7e444bb2f72023-02-07 15:09:31.098root 11241100x8000000000000000692465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cec9ed5071426d62023-02-07 15:09:31.098root 11241100x8000000000000000692471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ebc2a22e65b6a92023-02-07 15:09:31.099root 11241100x8000000000000000692470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a925560898c9a3e2023-02-07 15:09:31.099root 11241100x8000000000000000692469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afb8f830286934e2023-02-07 15:09:31.099root 11241100x8000000000000000692468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d572f7d778e5552023-02-07 15:09:31.099root 11241100x8000000000000000692473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212faccd21d65fbf2023-02-07 15:09:31.101root 11241100x8000000000000000692472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27e3c8bd64a399f2023-02-07 15:09:31.101root 11241100x8000000000000000692480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3735268e983953222023-02-07 15:09:31.102root 11241100x8000000000000000692479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fafadb366172ff72023-02-07 15:09:31.102root 11241100x8000000000000000692478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be550164fd8c05382023-02-07 15:09:31.102root 11241100x8000000000000000692477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3c10f7b670d87c2023-02-07 15:09:31.102root 11241100x8000000000000000692476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fbce724cfe7b1d2023-02-07 15:09:31.102root 11241100x8000000000000000692475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507d9ca5bbfdc6182023-02-07 15:09:31.102root 11241100x8000000000000000692474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82952e66853fbdb2023-02-07 15:09:31.102root 11241100x8000000000000000692483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557c34353207cc082023-02-07 15:09:31.103root 11241100x8000000000000000692482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884d75bdbe4dd7f82023-02-07 15:09:31.103root 11241100x8000000000000000692481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e5167a3d19ad792023-02-07 15:09:31.103root 11241100x8000000000000000692486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6048f76e1fe0332023-02-07 15:09:31.104root 11241100x8000000000000000692485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e24686aa5e20412023-02-07 15:09:31.104root 11241100x8000000000000000692484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d885fcf46221972023-02-07 15:09:31.104root 11241100x8000000000000000692489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c28823fe33749d2023-02-07 15:09:31.105root 11241100x8000000000000000692488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab28dc8a9548a8e62023-02-07 15:09:31.105root 11241100x8000000000000000692487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e375dcac76dfc02023-02-07 15:09:31.105root 354300x8000000000000000692490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.169{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-44182-false10.0.1.12-8000- 11241100x8000000000000000692497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311040b167e2e7ee2023-02-07 15:09:31.595root 11241100x8000000000000000692496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c1967d70b8ac8d2023-02-07 15:09:31.595root 11241100x8000000000000000692495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c7e0deeea5fab72023-02-07 15:09:31.595root 11241100x8000000000000000692494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb3ab4049f461222023-02-07 15:09:31.595root 11241100x8000000000000000692493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ac70e2dcbe41862023-02-07 15:09:31.595root 11241100x8000000000000000692492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6ef78e4630e7302023-02-07 15:09:31.595root 11241100x8000000000000000692491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341946d38d4b29672023-02-07 15:09:31.595root 11241100x8000000000000000692510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2f5173148930a72023-02-07 15:09:31.596root 11241100x8000000000000000692509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cb81aa5db963742023-02-07 15:09:31.596root 11241100x8000000000000000692508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2301a2303c9abb582023-02-07 15:09:31.596root 11241100x8000000000000000692507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d6168c16172f9c2023-02-07 15:09:31.596root 11241100x8000000000000000692506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b856f6643e467a2023-02-07 15:09:31.596root 11241100x8000000000000000692505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cfa4a30c5837fc2023-02-07 15:09:31.596root 11241100x8000000000000000692504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920843c32e3b876f2023-02-07 15:09:31.596root 11241100x8000000000000000692503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43e6b47154db4a32023-02-07 15:09:31.596root 11241100x8000000000000000692502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569b4a441b799ef42023-02-07 15:09:31.596root 11241100x8000000000000000692501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d77598a645b83672023-02-07 15:09:31.596root 11241100x8000000000000000692500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7ec437b9dede372023-02-07 15:09:31.596root 11241100x8000000000000000692499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd8ecc470d509af2023-02-07 15:09:31.596root 11241100x8000000000000000692498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1ff172f274ab6b2023-02-07 15:09:31.596root 11241100x8000000000000000692511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ec9108251bb1372023-02-07 15:09:31.597root 354300x8000000000000000692549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:37.123{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51134-false10.0.1.12-8000- 11241100x8000000000000000692550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfbd0ba23a932bb2023-02-07 15:09:37.595root 11241100x8000000000000000692551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a4640cef2ded3f2023-02-07 15:09:38.095root 11241100x8000000000000000692552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb83cdaae0ca79122023-02-07 15:09:38.595root 11241100x8000000000000000692553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b923b3027e4ed3152023-02-07 15:09:39.095root 11241100x8000000000000000692554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fafe8c2053c226a2023-02-07 15:09:39.595root 11241100x8000000000000000692555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8bd7390ce6abb92023-02-07 15:09:40.095root 11241100x8000000000000000692556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994a6ea35ffa54482023-02-07 15:09:40.595root 11241100x8000000000000000692557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a2d22db81e34ad2023-02-07 15:09:41.095root 11241100x8000000000000000692558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dade6146b54c70e92023-02-07 15:09:41.595root 11241100x8000000000000000692559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac29a29ca988712d2023-02-07 15:09:42.095root 354300x8000000000000000692560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:42.169{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51142-false10.0.1.12-8000- 11241100x8000000000000000692562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788fdbcd06508ff22023-02-07 15:09:42.595root 11241100x8000000000000000692561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edf9d447c34635a2023-02-07 15:09:42.595root 11241100x8000000000000000692564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638cad456f6e00912023-02-07 15:09:43.095root 11241100x8000000000000000692563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee28d496d5a56cc2023-02-07 15:09:43.095root 11241100x8000000000000000692566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24240f4f1f97a1bd2023-02-07 15:09:43.595root 11241100x8000000000000000692565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb57d0e7dafd6602023-02-07 15:09:43.595root 11241100x8000000000000000692568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12db4b0dcc3a87482023-02-07 15:09:44.095root 11241100x8000000000000000692567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540af9e816559e292023-02-07 15:09:44.095root 11241100x8000000000000000692570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b66e7634e1698da2023-02-07 15:09:44.595root 11241100x8000000000000000692569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26cbdbcf900c7072023-02-07 15:09:44.595root 11241100x8000000000000000692572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5275bed9810f192023-02-07 15:09:45.095root 11241100x8000000000000000692571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d861812fa83a172023-02-07 15:09:45.095root 11241100x8000000000000000692574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceea5e0e2bb0f6f32023-02-07 15:09:45.595root 11241100x8000000000000000692573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e250c8f19756942023-02-07 15:09:45.595root 11241100x8000000000000000692576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045cb65a849ab5182023-02-07 15:09:46.095root 11241100x8000000000000000692575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae449f5f4fae8b02023-02-07 15:09:46.095root 11241100x8000000000000000692578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d006f804f092a12023-02-07 15:09:46.595root 11241100x8000000000000000692577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3d924dfe64ef4f2023-02-07 15:09:46.595root 11241100x8000000000000000692580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7287c5457c19bcb32023-02-07 15:09:47.095root 11241100x8000000000000000692579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bf5f44d94bc79e2023-02-07 15:09:47.095root 354300x8000000000000000692581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:47.247{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47776-false10.0.1.12-8000- 11241100x8000000000000000692584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c41ece8b38bd2f22023-02-07 15:09:47.595root 11241100x8000000000000000692583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3976c8cb666c45172023-02-07 15:09:47.595root 11241100x8000000000000000692582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53bca19535daafd2023-02-07 15:09:47.595root 11241100x8000000000000000692587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa39145c1666e03c2023-02-07 15:09:48.095root 11241100x8000000000000000692586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f60831445a9c5b2023-02-07 15:09:48.095root 11241100x8000000000000000692585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e5603aa723bdb62023-02-07 15:09:48.095root 154100x8000000000000000692588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.114{ec244aba-69bc-63e2-6884-683c8c550000}6101/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2393--- 534500x8000000000000000692589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.130{ec244aba-69bc-63e2-6884-683c8c550000}6101/bin/psroot 11241100x8000000000000000692592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e18df68cea241ea2023-02-07 15:09:48.595root 11241100x8000000000000000692591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9ac6a875786ea62023-02-07 15:09:48.595root 11241100x8000000000000000692590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e4a26518aff6ee2023-02-07 15:09:48.595root 11241100x8000000000000000692594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede88aee4c5330e22023-02-07 15:09:48.596root 11241100x8000000000000000692593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96be49fb4a5b54a2023-02-07 15:09:48.596root 11241100x8000000000000000692598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5390667c5b6438e2023-02-07 15:09:49.095root 11241100x8000000000000000692597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbeea0a929b137ec2023-02-07 15:09:49.095root 11241100x8000000000000000692596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccff027697183e32023-02-07 15:09:49.095root 11241100x8000000000000000692595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcefd33d3c5f24ff2023-02-07 15:09:49.095root 11241100x8000000000000000692599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a04c025bc2464832023-02-07 15:09:49.096root 11241100x8000000000000000692603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8e950a13a31a372023-02-07 15:09:49.595root 11241100x8000000000000000692602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50936baa65d4bce22023-02-07 15:09:49.595root 11241100x8000000000000000692601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02896eb4dd17bcd62023-02-07 15:09:49.595root 11241100x8000000000000000692600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7b9747fb85b1f52023-02-07 15:09:49.595root 11241100x8000000000000000692604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372c4d1643552f9f2023-02-07 15:09:49.596root 11241100x8000000000000000692605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d3db6b9f6133c52023-02-07 15:09:50.095root 11241100x8000000000000000692609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525b33155d39ace62023-02-07 15:09:50.096root 11241100x8000000000000000692608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51b927cee494b4d2023-02-07 15:09:50.096root 11241100x8000000000000000692607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7708332bcf26121c2023-02-07 15:09:50.096root 11241100x8000000000000000692606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7157cd57218450222023-02-07 15:09:50.096root 11241100x8000000000000000692613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b52e55c4d304a962023-02-07 15:09:50.595root 11241100x8000000000000000692612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a45e4ff25ddcdef2023-02-07 15:09:50.595root 11241100x8000000000000000692611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46524a3c71a9a8e2023-02-07 15:09:50.595root 11241100x8000000000000000692610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afee6c76c4f68a62023-02-07 15:09:50.595root 11241100x8000000000000000692614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a4824eb29560c62023-02-07 15:09:50.596root 11241100x8000000000000000692617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c829dac0aafe27cd2023-02-07 15:09:51.095root 11241100x8000000000000000692616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a232febf3e3c8c222023-02-07 15:09:51.095root 11241100x8000000000000000692615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6398a0e13ce427d02023-02-07 15:09:51.095root 11241100x8000000000000000692619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f988b2202b1549eb2023-02-07 15:09:51.096root 11241100x8000000000000000692618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6fc1a420400a632023-02-07 15:09:51.096root 11241100x8000000000000000692624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb67bcb32e38bf4d2023-02-07 15:09:51.595root 11241100x8000000000000000692623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23d1b722bf323132023-02-07 15:09:51.595root 11241100x8000000000000000692622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f39c5c6f3f08332023-02-07 15:09:51.595root 11241100x8000000000000000692621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476ef5cfce1fa6892023-02-07 15:09:51.595root 11241100x8000000000000000692620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8e60333c03d49d2023-02-07 15:09:51.595root 11241100x8000000000000000692629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f336326a8b0c75472023-02-07 15:09:52.095root 11241100x8000000000000000692628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849c45b4268f9e612023-02-07 15:09:52.095root 11241100x8000000000000000692627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bab01f401175b9a2023-02-07 15:09:52.095root 11241100x8000000000000000692626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1832c83a4d9f66e02023-02-07 15:09:52.095root 11241100x8000000000000000692625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9bd66a64fefdc42023-02-07 15:09:52.095root 11241100x8000000000000000692634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f389a42fff9273942023-02-07 15:09:52.595root 11241100x8000000000000000692633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5575bb6fda6e792023-02-07 15:09:52.595root 11241100x8000000000000000692632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fedf72d34c231452023-02-07 15:09:52.595root 11241100x8000000000000000692631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577a1ece0ffab95f2023-02-07 15:09:52.595root 11241100x8000000000000000692630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71792ca1cd3275f62023-02-07 15:09:52.595root 11241100x8000000000000000692639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde6e27a455fac402023-02-07 15:09:53.095root 11241100x8000000000000000692638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfc4e1b4f0467812023-02-07 15:09:53.095root 11241100x8000000000000000692637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccbd2a729ad66092023-02-07 15:09:53.095root 11241100x8000000000000000692636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bed77b95827f6b2023-02-07 15:09:53.095root 11241100x8000000000000000692635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6514b2bc553afb62023-02-07 15:09:53.095root 354300x8000000000000000692640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.229{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47792-false10.0.1.12-8000- 11241100x8000000000000000692641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c521d7b5106c8b2023-02-07 15:09:53.595root 11241100x8000000000000000692644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49b64d3e1b343622023-02-07 15:09:53.596root 11241100x8000000000000000692643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da6c3f731fff04a2023-02-07 15:09:53.596root 11241100x8000000000000000692642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a61d77b792986632023-02-07 15:09:53.596root 11241100x8000000000000000692646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21a5528d464f8532023-02-07 15:09:53.597root 11241100x8000000000000000692645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79db6f09ed15f0f2023-02-07 15:09:53.597root 11241100x8000000000000000692651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0605417fe1fde1fd2023-02-07 15:09:54.095root 11241100x8000000000000000692650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18535eb164a8035e2023-02-07 15:09:54.095root 11241100x8000000000000000692649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2bff27211487d42023-02-07 15:09:54.095root 11241100x8000000000000000692648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1561c4a285b532802023-02-07 15:09:54.095root 11241100x8000000000000000692647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a2b30c1d441bdd2023-02-07 15:09:54.095root 11241100x8000000000000000692652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9c275d008900492023-02-07 15:09:54.096root 11241100x8000000000000000692657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a80e8caf0dd91652023-02-07 15:09:54.595root 11241100x8000000000000000692656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d45e96f390d083b2023-02-07 15:09:54.595root 11241100x8000000000000000692655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a278347c0831d722023-02-07 15:09:54.595root 11241100x8000000000000000692654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87f7ada48b36e702023-02-07 15:09:54.595root 11241100x8000000000000000692653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bd957ffc7b606c2023-02-07 15:09:54.595root 11241100x8000000000000000692658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af652e4f83fbe7822023-02-07 15:09:54.596root 11241100x8000000000000000692659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.732{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:09:54.732root 11241100x8000000000000000692664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d76f8c038385f892023-02-07 15:09:55.095root 11241100x8000000000000000692663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16d533c22d0611b2023-02-07 15:09:55.095root 11241100x8000000000000000692662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88012031688ae1292023-02-07 15:09:55.095root 11241100x8000000000000000692661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d3bba9bd11cae82023-02-07 15:09:55.095root 11241100x8000000000000000692660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587ecfe51ba7cce92023-02-07 15:09:55.095root 11241100x8000000000000000692666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556d342d2163101b2023-02-07 15:09:55.096root 11241100x8000000000000000692665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610ebe910bf1becf2023-02-07 15:09:55.096root 11241100x8000000000000000692668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d407ca713a10a4ce2023-02-07 15:09:55.595root 11241100x8000000000000000692667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4195859ffea4a49f2023-02-07 15:09:55.595root 11241100x8000000000000000692672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c6df80fcd92d942023-02-07 15:09:55.596root 11241100x8000000000000000692671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e995133cfd5e24a72023-02-07 15:09:55.596root 11241100x8000000000000000692670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709647e346df16c92023-02-07 15:09:55.596root 11241100x8000000000000000692669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0190f5a88e81043a2023-02-07 15:09:55.596root 11241100x8000000000000000692673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ea327d9e1e6dc82023-02-07 15:09:55.597root 11241100x8000000000000000692680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da488ff50b848f82023-02-07 15:09:56.095root 11241100x8000000000000000692679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5af78f11047d972023-02-07 15:09:56.095root 11241100x8000000000000000692678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754ede342bf192ce2023-02-07 15:09:56.095root 11241100x8000000000000000692677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae44d787f40566982023-02-07 15:09:56.095root 11241100x8000000000000000692676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4d0926010a02662023-02-07 15:09:56.095root 11241100x8000000000000000692675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82c3b1de05cdac32023-02-07 15:09:56.095root 11241100x8000000000000000692674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd1c073ee4fe51c2023-02-07 15:09:56.095root 11241100x8000000000000000692683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afaa5a2814e2774d2023-02-07 15:09:56.595root 11241100x8000000000000000692682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3791d9f3599732432023-02-07 15:09:56.595root 11241100x8000000000000000692681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0725bd5bddd68d2023-02-07 15:09:56.595root 11241100x8000000000000000692687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073c26df1ca768e52023-02-07 15:09:56.596root 11241100x8000000000000000692686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb680e522b5498462023-02-07 15:09:56.596root 11241100x8000000000000000692685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32705f55cb6d701d2023-02-07 15:09:56.596root 11241100x8000000000000000692684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf52d9cb8b634df2023-02-07 15:09:56.596root 11241100x8000000000000000692689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab95cb28661e51d32023-02-07 15:09:57.095root 11241100x8000000000000000692688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940421c6da5e29872023-02-07 15:09:57.095root 11241100x8000000000000000692694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbe002e8514b6c82023-02-07 15:09:57.096root 11241100x8000000000000000692693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0633baf1245e4a2023-02-07 15:09:57.096root 11241100x8000000000000000692692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28237d8d3c85ea52023-02-07 15:09:57.096root 11241100x8000000000000000692691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edddac9968cb0602023-02-07 15:09:57.096root 11241100x8000000000000000692690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef94e03ba9da93272023-02-07 15:09:57.096root 11241100x8000000000000000692700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeda3922a40a93562023-02-07 15:09:57.595root 11241100x8000000000000000692699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522553e515dca7192023-02-07 15:09:57.595root 11241100x8000000000000000692698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca311184ff58b1c2023-02-07 15:09:57.595root 11241100x8000000000000000692697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f96bd2b64a89562023-02-07 15:09:57.595root 11241100x8000000000000000692696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f74435d43508fad2023-02-07 15:09:57.595root 11241100x8000000000000000692695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1416664467d3522023-02-07 15:09:57.595root 11241100x8000000000000000692701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d5a53f6783f96d2023-02-07 15:09:57.596root 23542300x8000000000000000692702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.733{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000692708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f8371ede961b202023-02-07 15:09:58.095root 11241100x8000000000000000692707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e40d53c939d6e2d2023-02-07 15:09:58.095root 11241100x8000000000000000692706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fd0fc4b9721f1c2023-02-07 15:09:58.095root 11241100x8000000000000000692705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f3ae31cf383fbc2023-02-07 15:09:58.095root 11241100x8000000000000000692704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363576266ba4ea0d2023-02-07 15:09:58.095root 11241100x8000000000000000692703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bcf99e3185b9f22023-02-07 15:09:58.095root 11241100x8000000000000000692710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2500a84b4c1b71dd2023-02-07 15:09:58.096root 11241100x8000000000000000692709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580b7fbfc7ae5d852023-02-07 15:09:58.096root 11241100x8000000000000000692714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd58c8aa201e8aa2023-02-07 15:09:58.595root 11241100x8000000000000000692713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdce9ec29144a272023-02-07 15:09:58.595root 11241100x8000000000000000692712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ae7b847ca63a7b2023-02-07 15:09:58.595root 11241100x8000000000000000692711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689b3b863dc6e3da2023-02-07 15:09:58.595root 11241100x8000000000000000692718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11618db09d7e86722023-02-07 15:09:58.596root 11241100x8000000000000000692717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9732ba0c3b59d8022023-02-07 15:09:58.596root 11241100x8000000000000000692716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9fe1f61205a6da2023-02-07 15:09:58.596root 11241100x8000000000000000692715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108094327f9e577f2023-02-07 15:09:58.596root 11241100x8000000000000000692722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2d754fe19027ee2023-02-07 15:09:59.095root 11241100x8000000000000000692721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4446b059366697812023-02-07 15:09:59.095root 11241100x8000000000000000692720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f14538c9ed84cc2023-02-07 15:09:59.095root 11241100x8000000000000000692719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e66b65161782802023-02-07 15:09:59.095root 11241100x8000000000000000692726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf96f7886e218a32023-02-07 15:09:59.096root 11241100x8000000000000000692725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b86f0b2120c4ec2023-02-07 15:09:59.096root 11241100x8000000000000000692724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca473d01bb0d88e2023-02-07 15:09:59.096root 11241100x8000000000000000692723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4772b9507720c2c2023-02-07 15:09:59.096root 354300x8000000000000000692727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.170{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41918-false10.0.1.12-8000- 11241100x8000000000000000692730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70ec63f12ccc9b92023-02-07 15:09:59.595root 11241100x8000000000000000692729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a25036333bb52b32023-02-07 15:09:59.595root 11241100x8000000000000000692728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c72000772472c012023-02-07 15:09:59.595root 11241100x8000000000000000692736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59515711704a4442023-02-07 15:09:59.596root 11241100x8000000000000000692735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff158ebdc8062992023-02-07 15:09:59.596root 11241100x8000000000000000692734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f7d6e0941dae3f2023-02-07 15:09:59.596root 11241100x8000000000000000692733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92e6d63d26902022023-02-07 15:09:59.596root 11241100x8000000000000000692732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00773cb85a1a78f32023-02-07 15:09:59.596root 11241100x8000000000000000692731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0610ae00c6270ff82023-02-07 15:09:59.596root 11241100x8000000000000000692738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a0e4c5e9b0de5b2023-02-07 15:10:00.095root 11241100x8000000000000000692737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b440cd0d9f8c53d02023-02-07 15:10:00.095root 11241100x8000000000000000692745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c54e62443c6aae2023-02-07 15:10:00.096root 11241100x8000000000000000692744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310129b8ee30bd032023-02-07 15:10:00.096root 11241100x8000000000000000692743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a350ff823d65e402023-02-07 15:10:00.096root 11241100x8000000000000000692742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24aaae3aabc507322023-02-07 15:10:00.096root 11241100x8000000000000000692741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d43a463a570f3f02023-02-07 15:10:00.096root 11241100x8000000000000000692740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd31ba488c2902312023-02-07 15:10:00.096root 11241100x8000000000000000692739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8638198cbd99e2272023-02-07 15:10:00.096root 11241100x8000000000000000692748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f1abe5e7bb955f2023-02-07 15:10:00.595root 11241100x8000000000000000692747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430ee1bfb21b9a3f2023-02-07 15:10:00.595root 11241100x8000000000000000692746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dac5740aa226942023-02-07 15:10:00.595root 11241100x8000000000000000692754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3591b43ea95570882023-02-07 15:10:00.596root 11241100x8000000000000000692753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3350fad8c98c3232023-02-07 15:10:00.596root 11241100x8000000000000000692752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f943f5ce0154ae32023-02-07 15:10:00.596root 11241100x8000000000000000692751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d61119c7715534c2023-02-07 15:10:00.596root 11241100x8000000000000000692750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba988b8bfc9b1fd42023-02-07 15:10:00.596root 11241100x8000000000000000692749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a391d01d37b5fa972023-02-07 15:10:00.596root 11241100x8000000000000000692757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe8435611d2b5ff2023-02-07 15:10:01.095root 11241100x8000000000000000692756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b06dc70237a7dc2023-02-07 15:10:01.095root 11241100x8000000000000000692755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba06a9d2fb31d5732023-02-07 15:10:01.095root 11241100x8000000000000000692763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27609754220aed322023-02-07 15:10:01.096root 11241100x8000000000000000692762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e15eb9424f940872023-02-07 15:10:01.096root 11241100x8000000000000000692761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bfc26eedfb33342023-02-07 15:10:01.096root 11241100x8000000000000000692760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fee36e24782fdc82023-02-07 15:10:01.096root 11241100x8000000000000000692759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8d332963da4be22023-02-07 15:10:01.096root 11241100x8000000000000000692758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54db397562a35b12023-02-07 15:10:01.096root 11241100x8000000000000000692766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3c10825eb500782023-02-07 15:10:01.595root 11241100x8000000000000000692765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787324674953cf262023-02-07 15:10:01.595root 11241100x8000000000000000692764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc7c44b877575172023-02-07 15:10:01.595root 11241100x8000000000000000692772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688084e763b82e782023-02-07 15:10:01.596root 11241100x8000000000000000692771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df01305b7cf120d42023-02-07 15:10:01.596root 11241100x8000000000000000692770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27258a23cee9c552023-02-07 15:10:01.596root 11241100x8000000000000000692769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886bd162229000bd2023-02-07 15:10:01.596root 11241100x8000000000000000692768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6579f4f108fc1a1e2023-02-07 15:10:01.596root 11241100x8000000000000000692767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d37f576a3f4180b2023-02-07 15:10:01.596root 11241100x8000000000000000692775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d2c046d726eade2023-02-07 15:10:02.095root 11241100x8000000000000000692774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b762c1ee0d3f175d2023-02-07 15:10:02.095root 11241100x8000000000000000692773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4ad9d44edcb0632023-02-07 15:10:02.095root 11241100x8000000000000000692781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1a12f0326dc8f92023-02-07 15:10:02.096root 11241100x8000000000000000692780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271298101d4289f92023-02-07 15:10:02.096root 11241100x8000000000000000692779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30dbaed4c9888ccd2023-02-07 15:10:02.096root 11241100x8000000000000000692778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a615cbfb9621932023-02-07 15:10:02.096root 11241100x8000000000000000692777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ec7eea0eb6ca7e2023-02-07 15:10:02.096root 11241100x8000000000000000692776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5ac1441d53d6eb2023-02-07 15:10:02.096root 11241100x8000000000000000692784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800e4a6d338b0a9f2023-02-07 15:10:02.595root 11241100x8000000000000000692783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfc40ea4ddd6fc32023-02-07 15:10:02.595root 11241100x8000000000000000692782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039cae9d73890adf2023-02-07 15:10:02.595root 11241100x8000000000000000692789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f900b5c99d00ab032023-02-07 15:10:02.596root 11241100x8000000000000000692788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d4585507f026742023-02-07 15:10:02.596root 11241100x8000000000000000692787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d2ab50f0de82fa2023-02-07 15:10:02.596root 11241100x8000000000000000692786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad871da70d596e7a2023-02-07 15:10:02.596root 11241100x8000000000000000692785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bfa396b3f8f5302023-02-07 15:10:02.596root 11241100x8000000000000000692790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4225f5b5f2382a42023-02-07 15:10:02.597root 11241100x8000000000000000692795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be64d602f6cec9c42023-02-07 15:10:03.096root 11241100x8000000000000000692794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8491f70e35d29d42023-02-07 15:10:03.096root 11241100x8000000000000000692793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc98fe6664c9fd52023-02-07 15:10:03.096root 11241100x8000000000000000692792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75ffa01c54ca7102023-02-07 15:10:03.096root 11241100x8000000000000000692791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5838999b9375f172023-02-07 15:10:03.096root 11241100x8000000000000000692799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15315f9eab10e1d42023-02-07 15:10:03.097root 11241100x8000000000000000692798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63518c13ad5d2f42023-02-07 15:10:03.097root 11241100x8000000000000000692797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4faf319ca0abfb742023-02-07 15:10:03.097root 11241100x8000000000000000692796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3929151976835642023-02-07 15:10:03.097root 11241100x8000000000000000692803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126c5cc154b18ea22023-02-07 15:10:03.595root 11241100x8000000000000000692802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dd028cf3e2467a2023-02-07 15:10:03.595root 11241100x8000000000000000692801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f6212c07d894dc2023-02-07 15:10:03.595root 11241100x8000000000000000692800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023efff839485e202023-02-07 15:10:03.595root 11241100x8000000000000000692807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9ec9b24bad68eb2023-02-07 15:10:03.596root 11241100x8000000000000000692806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855562d2e4e030ec2023-02-07 15:10:03.596root 11241100x8000000000000000692805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea27beb985c9d872023-02-07 15:10:03.596root 11241100x8000000000000000692804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e02e872f531d9a2023-02-07 15:10:03.596root 11241100x8000000000000000692808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346e311090309ed02023-02-07 15:10:03.597root 11241100x8000000000000000692811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a44cede1847cf302023-02-07 15:10:04.095root 11241100x8000000000000000692810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5530faba42f218b92023-02-07 15:10:04.095root 11241100x8000000000000000692809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6793664878ff417d2023-02-07 15:10:04.095root 11241100x8000000000000000692817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60930d6ffb00c292023-02-07 15:10:04.096root 11241100x8000000000000000692816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97d948f7c0d4f552023-02-07 15:10:04.096root 11241100x8000000000000000692815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fc76b849c5968e2023-02-07 15:10:04.096root 11241100x8000000000000000692814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7861cb1bdf31bc42023-02-07 15:10:04.096root 11241100x8000000000000000692813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d502ca07f6deb02023-02-07 15:10:04.096root 11241100x8000000000000000692812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da72e11e963efa12023-02-07 15:10:04.096root 354300x8000000000000000692818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.204{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41932-false10.0.1.12-8000- 11241100x8000000000000000692822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eedc02d15820a792023-02-07 15:10:04.595root 11241100x8000000000000000692821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63373e5b24f4555f2023-02-07 15:10:04.595root 11241100x8000000000000000692820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897f6f71ecd61a922023-02-07 15:10:04.595root 11241100x8000000000000000692819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7be816811bc9ad2023-02-07 15:10:04.595root 11241100x8000000000000000692828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700d9f6c8b0e835b2023-02-07 15:10:04.596root 11241100x8000000000000000692827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125c8d8f37bf47902023-02-07 15:10:04.596root 11241100x8000000000000000692826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071636fee49ae22f2023-02-07 15:10:04.596root 11241100x8000000000000000692825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8979e70c0134d0f52023-02-07 15:10:04.596root 11241100x8000000000000000692824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706167036a0016fd2023-02-07 15:10:04.596root 11241100x8000000000000000692823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d91b54d89b7ea122023-02-07 15:10:04.596root 11241100x8000000000000000692829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ee97d2fcf136a42023-02-07 15:10:05.095root 11241100x8000000000000000692833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a036ba71ddc808e02023-02-07 15:10:05.096root 11241100x8000000000000000692832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9695ecf55350cd0b2023-02-07 15:10:05.096root 11241100x8000000000000000692831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43007f1b66431f12023-02-07 15:10:05.096root 11241100x8000000000000000692830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e69a75ee27c2aa92023-02-07 15:10:05.096root 11241100x8000000000000000692838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2400c1c1fe34622023-02-07 15:10:05.097root 11241100x8000000000000000692837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccdc622973b58612023-02-07 15:10:05.097root 11241100x8000000000000000692836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7441dae976ee103d2023-02-07 15:10:05.097root 11241100x8000000000000000692835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfa1237d69db75e2023-02-07 15:10:05.097root 11241100x8000000000000000692834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458a4a079cfe7c122023-02-07 15:10:05.097root 11241100x8000000000000000692840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd410d19972267992023-02-07 15:10:05.595root 11241100x8000000000000000692839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8b6a72f04c517a2023-02-07 15:10:05.595root 11241100x8000000000000000692844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3743bd35ad4febd2023-02-07 15:10:05.596root 11241100x8000000000000000692843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b43950215f136f2023-02-07 15:10:05.596root 11241100x8000000000000000692842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b50474fa7e7d8e32023-02-07 15:10:05.596root 11241100x8000000000000000692841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6d61ceae46b3552023-02-07 15:10:05.596root 11241100x8000000000000000692848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a371c1911f5b17802023-02-07 15:10:05.597root 11241100x8000000000000000692847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af3eca86cafaf892023-02-07 15:10:05.597root 11241100x8000000000000000692846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86853ad98e73cd12023-02-07 15:10:05.597root 11241100x8000000000000000692845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570e1997aa2411712023-02-07 15:10:05.597root 11241100x8000000000000000692850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2500c3d6eca6eb722023-02-07 15:10:06.095root 11241100x8000000000000000692849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a1f21487a4d5a72023-02-07 15:10:06.095root 11241100x8000000000000000692853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c103d62900ec4752023-02-07 15:10:06.096root 11241100x8000000000000000692852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb611a6f70830422023-02-07 15:10:06.096root 11241100x8000000000000000692851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff89af05f88b0a432023-02-07 15:10:06.096root 11241100x8000000000000000692856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a82ece6dd5139d52023-02-07 15:10:06.097root 11241100x8000000000000000692855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53840c6cdafe06822023-02-07 15:10:06.097root 11241100x8000000000000000692854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b05d5477572e3b2023-02-07 15:10:06.097root 11241100x8000000000000000692858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd7ab7a933bb65c2023-02-07 15:10:06.098root 11241100x8000000000000000692857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277b58ac35abc87b2023-02-07 15:10:06.098root 11241100x8000000000000000692860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93753451fe45894c2023-02-07 15:10:06.595root 11241100x8000000000000000692859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776d064f3eab2b6e2023-02-07 15:10:06.595root 11241100x8000000000000000692864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec0736041ad15c12023-02-07 15:10:06.596root 11241100x8000000000000000692863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794eee48acc5d6272023-02-07 15:10:06.596root 11241100x8000000000000000692862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d76bace8823c382023-02-07 15:10:06.596root 11241100x8000000000000000692861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e795b9299f314e832023-02-07 15:10:06.596root 11241100x8000000000000000692868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4643654afca7ace2023-02-07 15:10:06.597root 11241100x8000000000000000692867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e96e93d01752e62023-02-07 15:10:06.597root 11241100x8000000000000000692866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17e56ad98a373f02023-02-07 15:10:06.597root 11241100x8000000000000000692865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d8e033f7228fe82023-02-07 15:10:06.597root 11241100x8000000000000000692871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33f22be73887ede2023-02-07 15:10:07.095root 11241100x8000000000000000692870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6153fbb4b20361e2023-02-07 15:10:07.095root 11241100x8000000000000000692869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b724fa2084d48a2023-02-07 15:10:07.095root 11241100x8000000000000000692875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6963f4aaf04896e82023-02-07 15:10:07.096root 11241100x8000000000000000692874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f333fb8899ea4f642023-02-07 15:10:07.096root 11241100x8000000000000000692873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c850bf5c486c582023-02-07 15:10:07.096root 11241100x8000000000000000692872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a02bc02e475568e2023-02-07 15:10:07.096root 11241100x8000000000000000692878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96aeef1430bf4ad32023-02-07 15:10:07.097root 11241100x8000000000000000692877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bfaf22e2b3fbad2023-02-07 15:10:07.097root 11241100x8000000000000000692876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cea401e545e4e5f2023-02-07 15:10:07.097root 11241100x8000000000000000692883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee719c6a8c3aa0212023-02-07 15:10:07.595root 11241100x8000000000000000692882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a641b80455d560082023-02-07 15:10:07.595root 11241100x8000000000000000692881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d790b3689c06df512023-02-07 15:10:07.595root 11241100x8000000000000000692880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dc1c635c5b13202023-02-07 15:10:07.595root 11241100x8000000000000000692879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a03d120412fc12d2023-02-07 15:10:07.595root 11241100x8000000000000000692890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a358e7bd8f3ece2023-02-07 15:10:07.596root 11241100x8000000000000000692889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7094f3b2352ad932023-02-07 15:10:07.596root 11241100x8000000000000000692888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bab8d241383c8972023-02-07 15:10:07.596root 11241100x8000000000000000692887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97e476ffd810d892023-02-07 15:10:07.596root 11241100x8000000000000000692886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb9b2b76c2d88fe2023-02-07 15:10:07.596root 11241100x8000000000000000692885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a2e916f6b55b3c2023-02-07 15:10:07.596root 11241100x8000000000000000692884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8c2ceca5acad4d2023-02-07 15:10:07.596root 11241100x8000000000000000692893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f719c85ee0bbe382023-02-07 15:10:08.095root 11241100x8000000000000000692892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa85b22d95358062023-02-07 15:10:08.095root 11241100x8000000000000000692891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97eb8783c1b996a62023-02-07 15:10:08.095root 11241100x8000000000000000692899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b9b7f76a29b3122023-02-07 15:10:08.096root 11241100x8000000000000000692898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccaae0e89bfa2a302023-02-07 15:10:08.096root 11241100x8000000000000000692897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7f7c6f7d4543382023-02-07 15:10:08.096root 11241100x8000000000000000692896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e864de45c092c65a2023-02-07 15:10:08.096root 11241100x8000000000000000692895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbad0b807cf8763e2023-02-07 15:10:08.096root 11241100x8000000000000000692894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7f4f702431dc452023-02-07 15:10:08.096root 11241100x8000000000000000692900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c650156e684357c2023-02-07 15:10:08.097root 11241100x8000000000000000692902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062791004a51151b2023-02-07 15:10:08.595root 11241100x8000000000000000692901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa7cde49ee034fc2023-02-07 15:10:08.595root 11241100x8000000000000000692909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1493bd0c2a23e7542023-02-07 15:10:08.596root 11241100x8000000000000000692908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5a39d2c2f4dab32023-02-07 15:10:08.596root 11241100x8000000000000000692907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2500e6fc05179232023-02-07 15:10:08.596root 11241100x8000000000000000692906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7cbf46e4bc77b72023-02-07 15:10:08.596root 11241100x8000000000000000692905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4795279c7fb4968d2023-02-07 15:10:08.596root 11241100x8000000000000000692904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d7cc11b3b45a112023-02-07 15:10:08.596root 11241100x8000000000000000692903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcd61461c78899c2023-02-07 15:10:08.596root 11241100x8000000000000000692910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58a1e9019fbd16d2023-02-07 15:10:08.597root 11241100x8000000000000000692912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a06d52e08855462023-02-07 15:10:09.095root 11241100x8000000000000000692911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f15679077fd23d2023-02-07 15:10:09.095root 11241100x8000000000000000692919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcdfee8a510e7962023-02-07 15:10:09.096root 11241100x8000000000000000692918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5453965e09a2d282023-02-07 15:10:09.096root 11241100x8000000000000000692917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f874b9f534579e12023-02-07 15:10:09.096root 11241100x8000000000000000692916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744cacc492624c282023-02-07 15:10:09.096root 11241100x8000000000000000692915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ebf77ca202c6ec2023-02-07 15:10:09.096root 11241100x8000000000000000692914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0736ae13c5836d752023-02-07 15:10:09.096root 11241100x8000000000000000692913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ad361b988390072023-02-07 15:10:09.096root 11241100x8000000000000000692920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80151f23a1ffe80d2023-02-07 15:10:09.097root 354300x8000000000000000692921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.215{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-37328-false10.0.1.12-8000- 11241100x8000000000000000692927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fe6172e567efa22023-02-07 15:10:09.595root 11241100x8000000000000000692926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c492c33d641a9b2d2023-02-07 15:10:09.595root 11241100x8000000000000000692925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9978caf478ccf73d2023-02-07 15:10:09.595root 11241100x8000000000000000692924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14ac04501e7a40c2023-02-07 15:10:09.595root 11241100x8000000000000000692923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace20333fc0dfd8d2023-02-07 15:10:09.595root 11241100x8000000000000000692922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7776c6c1162b8acd2023-02-07 15:10:09.595root 11241100x8000000000000000692932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d89cdc5ada7c2c22023-02-07 15:10:09.596root 11241100x8000000000000000692931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7801ce73079c0ed72023-02-07 15:10:09.596root 11241100x8000000000000000692930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8f13f77467cda02023-02-07 15:10:09.596root 11241100x8000000000000000692929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844116f99c5cfa972023-02-07 15:10:09.596root 11241100x8000000000000000692928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8d895c0a639fb92023-02-07 15:10:09.596root 11241100x8000000000000000692934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de15720b9945c8a12023-02-07 15:10:10.095root 11241100x8000000000000000692933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734cfc33819e58d62023-02-07 15:10:10.095root 11241100x8000000000000000692943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fe1e10fcc101092023-02-07 15:10:10.096root 11241100x8000000000000000692942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddde1739afa6ac72023-02-07 15:10:10.096root 11241100x8000000000000000692941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5bc66b2c60ee3a2023-02-07 15:10:10.096root 11241100x8000000000000000692940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d29c37fed80aae2023-02-07 15:10:10.096root 11241100x8000000000000000692939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bed700473b8c4c2023-02-07 15:10:10.096root 11241100x8000000000000000692938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001994eb3ef9c5332023-02-07 15:10:10.096root 11241100x8000000000000000692937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bce60a8d3c25d482023-02-07 15:10:10.096root 11241100x8000000000000000692936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e788305111c1ac42023-02-07 15:10:10.096root 11241100x8000000000000000692935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8771d3895dbaaf2023-02-07 15:10:10.096root 11241100x8000000000000000692945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa83339be863f482023-02-07 15:10:10.097root 11241100x8000000000000000692944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a623d22669837632023-02-07 15:10:10.097root 11241100x8000000000000000692949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0926f63de6c7027e2023-02-07 15:10:10.595root 11241100x8000000000000000692948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7095dfb6ce0b25002023-02-07 15:10:10.595root 11241100x8000000000000000692947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b761ff329323e8b2023-02-07 15:10:10.595root 11241100x8000000000000000692946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9750cac738d65ca22023-02-07 15:10:10.595root 11241100x8000000000000000692956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6239244df00ba8552023-02-07 15:10:10.596root 11241100x8000000000000000692955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6b13a8d83537752023-02-07 15:10:10.596root 11241100x8000000000000000692954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfdf6e11d6e77cc2023-02-07 15:10:10.596root 11241100x8000000000000000692953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cf4b78fb27a68c2023-02-07 15:10:10.596root 11241100x8000000000000000692952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bbf95870807a902023-02-07 15:10:10.596root 11241100x8000000000000000692951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa41d7c179373ef52023-02-07 15:10:10.596root 11241100x8000000000000000692950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73233663c79d4d202023-02-07 15:10:10.596root 11241100x8000000000000000692960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dfc3a92bb5e2f72023-02-07 15:10:11.095root 11241100x8000000000000000692959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdbac9cbbe420e72023-02-07 15:10:11.095root 11241100x8000000000000000692958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30a2e0d5e2e3b552023-02-07 15:10:11.095root 11241100x8000000000000000692957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c580bbb58c0a91e2023-02-07 15:10:11.095root 11241100x8000000000000000692966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b409ae09c937410a2023-02-07 15:10:11.096root 11241100x8000000000000000692965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcfd709205525302023-02-07 15:10:11.096root 11241100x8000000000000000692964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1a36ed83717e3a2023-02-07 15:10:11.096root 11241100x8000000000000000692963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4652f96e46e232442023-02-07 15:10:11.096root 11241100x8000000000000000692962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218acb2d8e53e52f2023-02-07 15:10:11.096root 11241100x8000000000000000692961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed2d27dfb4556212023-02-07 15:10:11.096root 11241100x8000000000000000692967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc4ce615e23ea072023-02-07 15:10:11.097root 11241100x8000000000000000692970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3be96042570a5d22023-02-07 15:10:11.595root 11241100x8000000000000000692969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38be83a22e82ee02023-02-07 15:10:11.595root 11241100x8000000000000000692968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a922c622ae9cef502023-02-07 15:10:11.595root 11241100x8000000000000000692976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1dfa8584b228cd02023-02-07 15:10:11.596root 11241100x8000000000000000692975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a9850d23e9b0ac2023-02-07 15:10:11.596root 11241100x8000000000000000692974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b25790a11f243d62023-02-07 15:10:11.596root 11241100x8000000000000000692973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fab1277f980ca162023-02-07 15:10:11.596root 11241100x8000000000000000692972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595c73539d6d7fa22023-02-07 15:10:11.596root 11241100x8000000000000000692971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce1998e817726ac2023-02-07 15:10:11.596root 11241100x8000000000000000692978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864aafb197ad57b32023-02-07 15:10:11.597root 11241100x8000000000000000692977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d13ba851d3e88692023-02-07 15:10:11.597root 11241100x8000000000000000692981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc700188933e5b32023-02-07 15:10:12.095root 11241100x8000000000000000692980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdef0f08b3176252023-02-07 15:10:12.095root 11241100x8000000000000000692979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2284bcbb0c1e60892023-02-07 15:10:12.095root 11241100x8000000000000000692987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24e02b5d7d76d952023-02-07 15:10:12.096root 11241100x8000000000000000692986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a32fec2fc284e62023-02-07 15:10:12.096root 11241100x8000000000000000692985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f02bda5041a2412023-02-07 15:10:12.096root 11241100x8000000000000000692984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9656b2f804a8d162023-02-07 15:10:12.096root 11241100x8000000000000000692983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2980a4236664f3a82023-02-07 15:10:12.096root 11241100x8000000000000000692982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26929e37782836cb2023-02-07 15:10:12.096root 11241100x8000000000000000692989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262cfcbba76708c22023-02-07 15:10:12.097root 11241100x8000000000000000692988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513d12a54aac3cfb2023-02-07 15:10:12.097root 11241100x8000000000000000692992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbb0af0008e763c2023-02-07 15:10:12.595root 11241100x8000000000000000692991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8226a4119683cb62023-02-07 15:10:12.595root 11241100x8000000000000000692990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a1bd048b5c95132023-02-07 15:10:12.595root 11241100x8000000000000000692998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97db2e6ab6c3bf7b2023-02-07 15:10:12.596root 11241100x8000000000000000692997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b763c75c52fce1a22023-02-07 15:10:12.596root 11241100x8000000000000000692996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca90255e8b56d422023-02-07 15:10:12.596root 11241100x8000000000000000692995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d686b33491cbff2023-02-07 15:10:12.596root 11241100x8000000000000000692994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32189bccd55409d2023-02-07 15:10:12.596root 11241100x8000000000000000692993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d121ca73f8c66fa02023-02-07 15:10:12.596root 11241100x8000000000000000693000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d7f09cfd972da92023-02-07 15:10:12.597root 11241100x8000000000000000692999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db9d863e355d3b32023-02-07 15:10:12.597root 11241100x8000000000000000693002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e996da206373fa2023-02-07 15:10:13.095root 11241100x8000000000000000693001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a0dabae92608132023-02-07 15:10:13.095root 11241100x8000000000000000693006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3afb3db7ad243a2023-02-07 15:10:13.096root 11241100x8000000000000000693005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655b72fa682576ce2023-02-07 15:10:13.096root 11241100x8000000000000000693004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7db3bbab88eb8742023-02-07 15:10:13.096root 11241100x8000000000000000693003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4b4caeda75aac72023-02-07 15:10:13.096root 11241100x8000000000000000693011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91700d68499960a12023-02-07 15:10:13.097root 11241100x8000000000000000693010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d320b8492c0cb42023-02-07 15:10:13.097root 11241100x8000000000000000693009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c81db43b02dc4462023-02-07 15:10:13.097root 11241100x8000000000000000693008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37a1d4c53c68b332023-02-07 15:10:13.097root 11241100x8000000000000000693007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7e46acbbb68ae92023-02-07 15:10:13.097root 11241100x8000000000000000693016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adebc0192b54698f2023-02-07 15:10:13.595root 11241100x8000000000000000693015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806d40f2230544082023-02-07 15:10:13.595root 11241100x8000000000000000693014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b83fcc5b02b7f92023-02-07 15:10:13.595root 11241100x8000000000000000693013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59417b473bc77d822023-02-07 15:10:13.595root 11241100x8000000000000000693012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffe1b1b0c7c3b362023-02-07 15:10:13.595root 11241100x8000000000000000693022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0c5943779a5bca2023-02-07 15:10:13.596root 11241100x8000000000000000693021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3df8cc7e679ba822023-02-07 15:10:13.596root 11241100x8000000000000000693020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765e9d009a5f2bbb2023-02-07 15:10:13.596root 11241100x8000000000000000693019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6db5b1ca7efab722023-02-07 15:10:13.596root 11241100x8000000000000000693018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6a78b590acf7bc2023-02-07 15:10:13.596root 11241100x8000000000000000693017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0c0ac14db514852023-02-07 15:10:13.596root 11241100x8000000000000000693027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3708c92a98f8a6b2023-02-07 15:10:14.095root 11241100x8000000000000000693026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f57561b5f221dbf2023-02-07 15:10:14.095root 11241100x8000000000000000693025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8331d2c68215cf172023-02-07 15:10:14.095root 11241100x8000000000000000693024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40d72161821d7212023-02-07 15:10:14.095root 11241100x8000000000000000693023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0dea2925136f752023-02-07 15:10:14.095root 11241100x8000000000000000693031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78fb6bc57ddf8882023-02-07 15:10:14.096root 11241100x8000000000000000693030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4c7e10cb2e06fd2023-02-07 15:10:14.096root 11241100x8000000000000000693029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1116db0f1fe3dbf52023-02-07 15:10:14.096root 11241100x8000000000000000693028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50707bbb89a6666e2023-02-07 15:10:14.096root 11241100x8000000000000000693033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a392d149480a70c42023-02-07 15:10:14.097root 11241100x8000000000000000693032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17194518aad8ca32023-02-07 15:10:14.097root 354300x8000000000000000693034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.527{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-56222-false10.0.1.12-8089- 11241100x8000000000000000693038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.528{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fefb3f6859cdfa2023-02-07 15:10:14.528root 11241100x8000000000000000693037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.528{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a3f908988efa192023-02-07 15:10:14.528root 11241100x8000000000000000693036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.528{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ab175c224fedca2023-02-07 15:10:14.528root 11241100x8000000000000000693035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.528{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713bf75ff1e4160e2023-02-07 15:10:14.528root 11241100x8000000000000000693045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.529{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be85ce76500fa3592023-02-07 15:10:14.529root 11241100x8000000000000000693044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.529{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215e79d4c140cdd52023-02-07 15:10:14.529root 11241100x8000000000000000693043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.529{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1d486a9d7fba062023-02-07 15:10:14.529root 11241100x8000000000000000693042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.529{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664d085faa17e5332023-02-07 15:10:14.529root 11241100x8000000000000000693041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.529{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21620dae0dca653a2023-02-07 15:10:14.529root 11241100x8000000000000000693040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.529{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e3ff27390e8e422023-02-07 15:10:14.529root 11241100x8000000000000000693039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.529{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9a50279f2afb6a2023-02-07 15:10:14.529root 11241100x8000000000000000693046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.530{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88524ea28d4428ab2023-02-07 15:10:14.530root 11241100x8000000000000000693048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edb7defe1abc4792023-02-07 15:10:14.845root 11241100x8000000000000000693047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca6a7fcae62fd952023-02-07 15:10:14.845root 11241100x8000000000000000693058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e97519266a808ee2023-02-07 15:10:14.846root 11241100x8000000000000000693057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927794214c598a252023-02-07 15:10:14.846root 11241100x8000000000000000693056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f074d7254f412efb2023-02-07 15:10:14.846root 11241100x8000000000000000693055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1421377efba5d732023-02-07 15:10:14.846root 11241100x8000000000000000693054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6629c1cb9495a7392023-02-07 15:10:14.846root 11241100x8000000000000000693053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61d629ba311ed162023-02-07 15:10:14.846root 11241100x8000000000000000693052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f0403dbd0734282023-02-07 15:10:14.846root 11241100x8000000000000000693051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a038beb0decd5b2023-02-07 15:10:14.846root 11241100x8000000000000000693050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c89e6d9ff9544462023-02-07 15:10:14.846root 11241100x8000000000000000693049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904bf298ca8e85332023-02-07 15:10:14.846root 354300x8000000000000000693059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.055{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-37340-false10.0.1.12-8000- 11241100x8000000000000000693063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1525f1cdcebd492023-02-07 15:10:15.346root 11241100x8000000000000000693062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d91b432dd613ca2023-02-07 15:10:15.346root 11241100x8000000000000000693061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a2dd1036b29ff72023-02-07 15:10:15.346root 11241100x8000000000000000693060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f413c78e9a2ae8d02023-02-07 15:10:15.346root 11241100x8000000000000000693069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335cd842b32e6cc72023-02-07 15:10:15.347root 11241100x8000000000000000693068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c468f9a825bff252023-02-07 15:10:15.347root 11241100x8000000000000000693067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dff703e3673a16a2023-02-07 15:10:15.347root 11241100x8000000000000000693066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad8e60b88fbfc672023-02-07 15:10:15.347root 11241100x8000000000000000693065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758ce414da5cff8d2023-02-07 15:10:15.347root 11241100x8000000000000000693064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541a34712827c7f42023-02-07 15:10:15.347root 11241100x8000000000000000693072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd6d932e5a2339f2023-02-07 15:10:15.348root 11241100x8000000000000000693071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea93d29c6ba774fe2023-02-07 15:10:15.348root 11241100x8000000000000000693070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963f5b666bda9bac2023-02-07 15:10:15.348root 11241100x8000000000000000693073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab5bf3eb7eee1492023-02-07 15:10:15.845root 11241100x8000000000000000693080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7350ca32fe142762023-02-07 15:10:15.846root 11241100x8000000000000000693079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7c17cfd0b7d7842023-02-07 15:10:15.846root 11241100x8000000000000000693078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4167c8fa679b546a2023-02-07 15:10:15.846root 11241100x8000000000000000693077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90745518806511152023-02-07 15:10:15.846root 11241100x8000000000000000693076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01913a4f3e7111672023-02-07 15:10:15.846root 11241100x8000000000000000693075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791757fdb6f32caa2023-02-07 15:10:15.846root 11241100x8000000000000000693074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc40e487fe280dd62023-02-07 15:10:15.846root 11241100x8000000000000000693085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f600d9a4d7caa62023-02-07 15:10:15.847root 11241100x8000000000000000693084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ec405d152a722f2023-02-07 15:10:15.847root 11241100x8000000000000000693083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d3d2617f42af262023-02-07 15:10:15.847root 11241100x8000000000000000693082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da085475df72d61d2023-02-07 15:10:15.847root 11241100x8000000000000000693081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a853ccc52274d22023-02-07 15:10:15.847root 11241100x8000000000000000693092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba4da75171e828e2023-02-07 15:10:16.346root 11241100x8000000000000000693091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4199f7c1a215020f2023-02-07 15:10:16.346root 11241100x8000000000000000693090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c590bbf3bd3b5412023-02-07 15:10:16.346root 11241100x8000000000000000693089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323f30d9e543fe5c2023-02-07 15:10:16.346root 11241100x8000000000000000693088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c012b55c15fd2932023-02-07 15:10:16.346root 11241100x8000000000000000693087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2de633e2a4494822023-02-07 15:10:16.346root 11241100x8000000000000000693086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482d670c35365ee22023-02-07 15:10:16.346root 11241100x8000000000000000693098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842fdf070dede75a2023-02-07 15:10:16.348root 11241100x8000000000000000693097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eac741158c0f3242023-02-07 15:10:16.348root 11241100x8000000000000000693096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f593f0ec53ba81b52023-02-07 15:10:16.348root 11241100x8000000000000000693095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6e86c910130ccb2023-02-07 15:10:16.348root 11241100x8000000000000000693094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062c15220bd2fd722023-02-07 15:10:16.348root 11241100x8000000000000000693093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5878b19a00722e5e2023-02-07 15:10:16.348root 11241100x8000000000000000693099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac41d9e1db79b61b2023-02-07 15:10:16.845root 11241100x8000000000000000693106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72e6ce14c1cace52023-02-07 15:10:16.846root 11241100x8000000000000000693105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef5058aabb5c3be2023-02-07 15:10:16.846root 11241100x8000000000000000693104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42d377ff67e474d2023-02-07 15:10:16.846root 11241100x8000000000000000693103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2fd32b719c80cb2023-02-07 15:10:16.846root 11241100x8000000000000000693102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99db3364aaab1082023-02-07 15:10:16.846root 11241100x8000000000000000693101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80bbe47093151a42023-02-07 15:10:16.846root 11241100x8000000000000000693100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b041abd7a089f4932023-02-07 15:10:16.846root 11241100x8000000000000000693111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f4e60b4b9fe2be2023-02-07 15:10:16.847root 11241100x8000000000000000693110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e367223fc3fdfde2023-02-07 15:10:16.847root 11241100x8000000000000000693109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf38cc3d1cba7ba42023-02-07 15:10:16.847root 11241100x8000000000000000693108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a719d72537a07072023-02-07 15:10:16.847root 11241100x8000000000000000693107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad7ecebd0af6d072023-02-07 15:10:16.847root 11241100x8000000000000000693112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c6b50e07e82f8b2023-02-07 15:10:17.345root 11241100x8000000000000000693124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e178de4a71d92d712023-02-07 15:10:17.346root 11241100x8000000000000000693123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2651315778613f12023-02-07 15:10:17.346root 11241100x8000000000000000693122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c364a7c0eaf71402023-02-07 15:10:17.346root 11241100x8000000000000000693121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53afcc6f2ddd55932023-02-07 15:10:17.346root 11241100x8000000000000000693120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7cd194a00e61862023-02-07 15:10:17.346root 11241100x8000000000000000693119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12baede77ec4196f2023-02-07 15:10:17.346root 11241100x8000000000000000693118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525d3da8ce6c40aa2023-02-07 15:10:17.346root 11241100x8000000000000000693117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617da7558ccd84f92023-02-07 15:10:17.346root 11241100x8000000000000000693116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45dd0f789a245eb92023-02-07 15:10:17.346root 11241100x8000000000000000693115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad71c2e2b3514a462023-02-07 15:10:17.346root 11241100x8000000000000000693114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2dff1ca045851f2023-02-07 15:10:17.346root 11241100x8000000000000000693113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e9995b56aca0102023-02-07 15:10:17.346root 11241100x8000000000000000693125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128b3af1c3c922522023-02-07 15:10:17.845root 11241100x8000000000000000693136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c906029714e8fa2023-02-07 15:10:17.846root 11241100x8000000000000000693135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e049ae920d3b412023-02-07 15:10:17.846root 11241100x8000000000000000693134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1c5020fdff45632023-02-07 15:10:17.846root 11241100x8000000000000000693133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd454a04793b2afd2023-02-07 15:10:17.846root 11241100x8000000000000000693132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3783aeeeed3ee3d52023-02-07 15:10:17.846root 11241100x8000000000000000693131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6264660c9d6ed9772023-02-07 15:10:17.846root 11241100x8000000000000000693130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7f4436e9c8ce5c2023-02-07 15:10:17.846root 11241100x8000000000000000693129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550d4b16f05d2a932023-02-07 15:10:17.846root 11241100x8000000000000000693128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6efc83a06564ab2023-02-07 15:10:17.846root 11241100x8000000000000000693127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2476c4d0cf45e22023-02-07 15:10:17.846root 11241100x8000000000000000693126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3993665c26dee84b2023-02-07 15:10:17.846root 11241100x8000000000000000693137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f64459ecdcaea7c2023-02-07 15:10:17.847root 11241100x8000000000000000693139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5887495f9dea3802023-02-07 15:10:18.345root 11241100x8000000000000000693138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c904b1cbbf5cb22023-02-07 15:10:18.345root 11241100x8000000000000000693150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e5dc010bea6ada2023-02-07 15:10:18.346root 11241100x8000000000000000693149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1eead4ab501fec82023-02-07 15:10:18.346root 11241100x8000000000000000693148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d704d023c6b3903e2023-02-07 15:10:18.346root 11241100x8000000000000000693147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc95b1bb5d9fe872023-02-07 15:10:18.346root 11241100x8000000000000000693146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753d1c9593da622a2023-02-07 15:10:18.346root 11241100x8000000000000000693145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6382503932cc00cb2023-02-07 15:10:18.346root 11241100x8000000000000000693144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc076fbef70939a2023-02-07 15:10:18.346root 11241100x8000000000000000693143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707e5562694a08e02023-02-07 15:10:18.346root 11241100x8000000000000000693142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bf3c775f8963d52023-02-07 15:10:18.346root 11241100x8000000000000000693141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c77f1566c64513d2023-02-07 15:10:18.346root 11241100x8000000000000000693140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc4356077ccb9192023-02-07 15:10:18.346root 11241100x8000000000000000693151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c5d5c71e98f6f52023-02-07 15:10:18.845root 11241100x8000000000000000693163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dddbd33d6f6fc382023-02-07 15:10:18.846root 11241100x8000000000000000693162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d01d6c16c2a3eb22023-02-07 15:10:18.846root 11241100x8000000000000000693161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb9a13848c06bd42023-02-07 15:10:18.846root 11241100x8000000000000000693160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4a3735d5d69aa82023-02-07 15:10:18.846root 11241100x8000000000000000693159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ca18b7eb7128272023-02-07 15:10:18.846root 11241100x8000000000000000693158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1e16627ce74d252023-02-07 15:10:18.846root 11241100x8000000000000000693157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c638fea665364ba2023-02-07 15:10:18.846root 11241100x8000000000000000693156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aab4d038d7f2a1e2023-02-07 15:10:18.846root 11241100x8000000000000000693155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012baa48ad451f3a2023-02-07 15:10:18.846root 11241100x8000000000000000693154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f805d81380865d182023-02-07 15:10:18.846root 11241100x8000000000000000693153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc62f95c94e3a192023-02-07 15:10:18.846root 11241100x8000000000000000693152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62942ea5b50d82082023-02-07 15:10:18.846root 11241100x8000000000000000693164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f10504538e24592023-02-07 15:10:19.345root 11241100x8000000000000000693176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dd5b4e6913d9e02023-02-07 15:10:19.346root 11241100x8000000000000000693175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1175f781642fde2023-02-07 15:10:19.346root 11241100x8000000000000000693174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46bb0a2ecee7bed2023-02-07 15:10:19.346root 11241100x8000000000000000693173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70622ad15dc26c9a2023-02-07 15:10:19.346root 11241100x8000000000000000693172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7d6094ecd8b3422023-02-07 15:10:19.346root 11241100x8000000000000000693171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329e6890a569be2d2023-02-07 15:10:19.346root 11241100x8000000000000000693170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fea61ee0a902772023-02-07 15:10:19.346root 11241100x8000000000000000693169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09ed399c7a6384a2023-02-07 15:10:19.346root 11241100x8000000000000000693168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed421a8863ec7b42023-02-07 15:10:19.346root 11241100x8000000000000000693167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3915406a802b3d2023-02-07 15:10:19.346root 11241100x8000000000000000693166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a98cdb5ab8e64e82023-02-07 15:10:19.346root 11241100x8000000000000000693165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ca4cb2dc001d432023-02-07 15:10:19.346root 11241100x8000000000000000693177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93781affcbc1dd22023-02-07 15:10:19.845root 11241100x8000000000000000693189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22aee78ab4cedb42023-02-07 15:10:19.846root 11241100x8000000000000000693188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d791c70afcc97d2023-02-07 15:10:19.846root 11241100x8000000000000000693187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cddcb1b71324532023-02-07 15:10:19.846root 11241100x8000000000000000693186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f4edc586e6afe52023-02-07 15:10:19.846root 11241100x8000000000000000693185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f643c081a2ad59e2023-02-07 15:10:19.846root 11241100x8000000000000000693184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5e90714fd85b602023-02-07 15:10:19.846root 11241100x8000000000000000693183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c9ca5e21bec5ab2023-02-07 15:10:19.846root 11241100x8000000000000000693182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d7ae3afc0786822023-02-07 15:10:19.846root 11241100x8000000000000000693181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bdbc6442fbae312023-02-07 15:10:19.846root 11241100x8000000000000000693180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7265bab7ba276532023-02-07 15:10:19.846root 11241100x8000000000000000693179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4310cae029fca8c2023-02-07 15:10:19.846root 11241100x8000000000000000693178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba755fd195d449c2023-02-07 15:10:19.846root 354300x8000000000000000693190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.056{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-56224-false10.0.1.12-8000- 11241100x8000000000000000693191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f6502088625eed2023-02-07 15:10:20.345root 11241100x8000000000000000693200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19012ae0e42ac0792023-02-07 15:10:20.346root 11241100x8000000000000000693199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a9208de26b7f042023-02-07 15:10:20.346root 11241100x8000000000000000693198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04574e361d26a5ab2023-02-07 15:10:20.346root 11241100x8000000000000000693197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088a5c5d52ca9d632023-02-07 15:10:20.346root 11241100x8000000000000000693196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922ffadc0cbd70862023-02-07 15:10:20.346root 11241100x8000000000000000693195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba12d79e352e9202023-02-07 15:10:20.346root 11241100x8000000000000000693194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9085b66400e2abb2023-02-07 15:10:20.346root 11241100x8000000000000000693193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f3906bf0edf6e72023-02-07 15:10:20.346root 11241100x8000000000000000693192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99119e06ae7359b2023-02-07 15:10:20.346root 11241100x8000000000000000693202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703c5d94bcf8632f2023-02-07 15:10:20.347root 11241100x8000000000000000693201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5deced033e6fdfd2023-02-07 15:10:20.347root 11241100x8000000000000000693204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a45846b55b5e17a2023-02-07 15:10:20.350root 11241100x8000000000000000693203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a62565c8b049262023-02-07 15:10:20.350root 11241100x8000000000000000693205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef67869be1f4fc7b2023-02-07 15:10:20.845root 11241100x8000000000000000693215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d0cc44564fea762023-02-07 15:10:20.846root 11241100x8000000000000000693214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2722fec248013fa72023-02-07 15:10:20.846root 11241100x8000000000000000693213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4206b56fe2e3c152023-02-07 15:10:20.846root 11241100x8000000000000000693212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6923e7c2c9228f112023-02-07 15:10:20.846root 11241100x8000000000000000693211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb38ef6b64599682023-02-07 15:10:20.846root 11241100x8000000000000000693210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466993fad55bdaba2023-02-07 15:10:20.846root 11241100x8000000000000000693209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec236df0bf479f02023-02-07 15:10:20.846root 11241100x8000000000000000693208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33fc499606b20ff2023-02-07 15:10:20.846root 11241100x8000000000000000693207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7241ac185b89f3842023-02-07 15:10:20.846root 11241100x8000000000000000693206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8a728fe4a250682023-02-07 15:10:20.846root 11241100x8000000000000000693218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81025db1abaae1f42023-02-07 15:10:20.847root 11241100x8000000000000000693217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2de1be65286c8802023-02-07 15:10:20.847root 11241100x8000000000000000693216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2e2f7a721014612023-02-07 15:10:20.847root 11241100x8000000000000000693219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f708600b1463eec2023-02-07 15:10:21.345root 11241100x8000000000000000693228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3fb87d7f691a452023-02-07 15:10:21.346root 11241100x8000000000000000693227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffbcb1b10cf67da2023-02-07 15:10:21.346root 11241100x8000000000000000693226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b39b7310de5aeee2023-02-07 15:10:21.346root 11241100x8000000000000000693225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de438d0c487e8d802023-02-07 15:10:21.346root 11241100x8000000000000000693224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd08f92c499b6f72023-02-07 15:10:21.346root 11241100x8000000000000000693223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1ed134935e64212023-02-07 15:10:21.346root 11241100x8000000000000000693222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadb77a0896584892023-02-07 15:10:21.346root 11241100x8000000000000000693221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e171b3f89733eb2023-02-07 15:10:21.346root 11241100x8000000000000000693220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09d26debe4b7a6a2023-02-07 15:10:21.346root 11241100x8000000000000000693232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1050e7402d9c9602023-02-07 15:10:21.347root 11241100x8000000000000000693231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ca459befbe53f02023-02-07 15:10:21.347root 11241100x8000000000000000693230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8693fd8e69675212023-02-07 15:10:21.347root 11241100x8000000000000000693229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cc23252818381d2023-02-07 15:10:21.347root 11241100x8000000000000000693233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0658cb8778c4042023-02-07 15:10:21.845root 11241100x8000000000000000693241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca86eb4734301622023-02-07 15:10:21.846root 11241100x8000000000000000693240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3468654a26be3cc62023-02-07 15:10:21.846root 11241100x8000000000000000693239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9504c66a171a04ca2023-02-07 15:10:21.846root 11241100x8000000000000000693238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b37bfe142cfe0a2023-02-07 15:10:21.846root 11241100x8000000000000000693237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126d135764d61efd2023-02-07 15:10:21.846root 11241100x8000000000000000693236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e6a638b5495ef32023-02-07 15:10:21.846root 11241100x8000000000000000693235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e2a0740134f2c02023-02-07 15:10:21.846root 11241100x8000000000000000693234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa3ad3a784506ea2023-02-07 15:10:21.846root 11241100x8000000000000000693246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565d71ef61b783822023-02-07 15:10:21.847root 11241100x8000000000000000693245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c236a1b8ff394a32023-02-07 15:10:21.847root 11241100x8000000000000000693244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af38c4092b38d9e82023-02-07 15:10:21.847root 11241100x8000000000000000693243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3badec247f7ede32023-02-07 15:10:21.847root 11241100x8000000000000000693242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49777cc1dd7104352023-02-07 15:10:21.847root 11241100x8000000000000000693247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833f412139e8cd292023-02-07 15:10:22.345root 11241100x8000000000000000693260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0418d23d43ed20e2023-02-07 15:10:22.346root 11241100x8000000000000000693259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19563c3fabbb40d92023-02-07 15:10:22.346root 11241100x8000000000000000693258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d871b39147a9e55a2023-02-07 15:10:22.346root 11241100x8000000000000000693257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1df62805d3c0b6d2023-02-07 15:10:22.346root 11241100x8000000000000000693256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39812b01c4632362023-02-07 15:10:22.346root 11241100x8000000000000000693255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044a148298443fd02023-02-07 15:10:22.346root 11241100x8000000000000000693254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f888560cfbd8372023-02-07 15:10:22.346root 11241100x8000000000000000693253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf2ed584b0e084f2023-02-07 15:10:22.346root 11241100x8000000000000000693252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8098ef31d39a2c2023-02-07 15:10:22.346root 11241100x8000000000000000693251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b539e1720123d32023-02-07 15:10:22.346root 11241100x8000000000000000693250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ab041b83f957b12023-02-07 15:10:22.346root 11241100x8000000000000000693249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3776c4cd282d692f2023-02-07 15:10:22.346root 11241100x8000000000000000693248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fb16b33c0cca022023-02-07 15:10:22.346root 11241100x8000000000000000693261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829a1342e73a2d0f2023-02-07 15:10:22.845root 11241100x8000000000000000693274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e856312efa57ddd32023-02-07 15:10:22.846root 11241100x8000000000000000693273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b015cdb5b76b252023-02-07 15:10:22.846root 11241100x8000000000000000693272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd45b412773f86e42023-02-07 15:10:22.846root 11241100x8000000000000000693271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12961771e7bfe4eb2023-02-07 15:10:22.846root 11241100x8000000000000000693270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0494242d9de12d2023-02-07 15:10:22.846root 11241100x8000000000000000693269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076776f8f6699ceb2023-02-07 15:10:22.846root 11241100x8000000000000000693268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88ba6f2bcd5e5ca2023-02-07 15:10:22.846root 11241100x8000000000000000693267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24428356147003412023-02-07 15:10:22.846root 11241100x8000000000000000693266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ff9336a512f0452023-02-07 15:10:22.846root 11241100x8000000000000000693265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40938cbc04b514162023-02-07 15:10:22.846root 11241100x8000000000000000693264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a67c9509201a792023-02-07 15:10:22.846root 11241100x8000000000000000693263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764b585f2f932cdc2023-02-07 15:10:22.846root 11241100x8000000000000000693262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac275c6c725bf632023-02-07 15:10:22.846root 11241100x8000000000000000693275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fba3b6a68282d52023-02-07 15:10:23.345root 11241100x8000000000000000693288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d60114fc8c12c0a2023-02-07 15:10:23.346root 11241100x8000000000000000693287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87caafbb1d6815a62023-02-07 15:10:23.346root 11241100x8000000000000000693286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b18db9636828ae2023-02-07 15:10:23.346root 11241100x8000000000000000693285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4720e115e3d09942023-02-07 15:10:23.346root 11241100x8000000000000000693284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7633057dfd245ce82023-02-07 15:10:23.346root 11241100x8000000000000000693283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f8bf016fcaf1d12023-02-07 15:10:23.346root 11241100x8000000000000000693282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0446af82ea968b62023-02-07 15:10:23.346root 11241100x8000000000000000693281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1589b3153de162bb2023-02-07 15:10:23.346root 11241100x8000000000000000693280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6a65ad9a369b812023-02-07 15:10:23.346root 11241100x8000000000000000693279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86089c5e2722f9b2023-02-07 15:10:23.346root 11241100x8000000000000000693278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6936360d6b6043072023-02-07 15:10:23.346root 11241100x8000000000000000693277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf21d12a59c7c852023-02-07 15:10:23.346root 11241100x8000000000000000693276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7efa89e458445122023-02-07 15:10:23.346root 11241100x8000000000000000693301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aaf36d08995a5352023-02-07 15:10:23.846root 11241100x8000000000000000693300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3392b24290d379b32023-02-07 15:10:23.846root 11241100x8000000000000000693299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8f4346972c48512023-02-07 15:10:23.846root 11241100x8000000000000000693298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dce6943ba4a2dab2023-02-07 15:10:23.846root 11241100x8000000000000000693297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0b21403c0018d72023-02-07 15:10:23.846root 11241100x8000000000000000693296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d09ab298a02f682023-02-07 15:10:23.846root 11241100x8000000000000000693295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c10ef960b70f382023-02-07 15:10:23.846root 11241100x8000000000000000693294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0cd722c15ce5ba2023-02-07 15:10:23.846root 11241100x8000000000000000693293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275f8bd550a44a232023-02-07 15:10:23.846root 11241100x8000000000000000693292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3bbdfd78413df702023-02-07 15:10:23.846root 11241100x8000000000000000693291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381b40e7408bd88f2023-02-07 15:10:23.846root 11241100x8000000000000000693290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe4ae32e53099df2023-02-07 15:10:23.846root 11241100x8000000000000000693289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56878f96bb174ee62023-02-07 15:10:23.846root 11241100x8000000000000000693302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdc6c785cd4d4932023-02-07 15:10:23.847root 11241100x8000000000000000693303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d670b0442263842023-02-07 15:10:24.345root 11241100x8000000000000000693316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55becbca6e5ba8432023-02-07 15:10:24.346root 11241100x8000000000000000693315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83000e5c88e4a6052023-02-07 15:10:24.346root 11241100x8000000000000000693314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4555a7f64353478c2023-02-07 15:10:24.346root 11241100x8000000000000000693313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2350f91698612bf72023-02-07 15:10:24.346root 11241100x8000000000000000693312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9850e01bdbbd6bce2023-02-07 15:10:24.346root 11241100x8000000000000000693311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629040ef23ccf1b32023-02-07 15:10:24.346root 11241100x8000000000000000693310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae420972d400b082023-02-07 15:10:24.346root 11241100x8000000000000000693309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd00b6ea0fe46cf72023-02-07 15:10:24.346root 11241100x8000000000000000693308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0b5992f571d1e42023-02-07 15:10:24.346root 11241100x8000000000000000693307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17de5d9a7335eae72023-02-07 15:10:24.346root 11241100x8000000000000000693306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fbcda3c211c9f52023-02-07 15:10:24.346root 11241100x8000000000000000693305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e33752d45df0942023-02-07 15:10:24.346root 11241100x8000000000000000693304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c51490d873aca8c2023-02-07 15:10:24.346root 11241100x8000000000000000693319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9163500dd408e4c2023-02-07 15:10:24.732root 11241100x8000000000000000693318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d658382215aa826a2023-02-07 15:10:24.732root 11241100x8000000000000000693317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.732{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:10:24.732root 11241100x8000000000000000693333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66453a22152e3bdd2023-02-07 15:10:24.733root 11241100x8000000000000000693332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7675c231a9131d92023-02-07 15:10:24.733root 11241100x8000000000000000693331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12144fb073cc6ae2023-02-07 15:10:24.733root 11241100x8000000000000000693330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2877cbe8f84442072023-02-07 15:10:24.733root 11241100x8000000000000000693329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1391c965c666972023-02-07 15:10:24.733root 11241100x8000000000000000693328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1a841f517f6abd2023-02-07 15:10:24.733root 11241100x8000000000000000693327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30074bf8e23132a92023-02-07 15:10:24.733root 11241100x8000000000000000693326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e8098a45024fe12023-02-07 15:10:24.733root 11241100x8000000000000000693325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6a72cacb6b7a992023-02-07 15:10:24.733root 11241100x8000000000000000693324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abf39b715139c502023-02-07 15:10:24.733root 11241100x8000000000000000693323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a04aa5eab4bdae02023-02-07 15:10:24.733root 11241100x8000000000000000693322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4debc353542c0812023-02-07 15:10:24.733root 11241100x8000000000000000693321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c079f7231899993b2023-02-07 15:10:24.733root 11241100x8000000000000000693320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b743612a9c62752023-02-07 15:10:24.733root 11241100x8000000000000000693334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6f9bdfe6bd82642023-02-07 15:10:24.734root 11241100x8000000000000000693340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5b812a530fb8f32023-02-07 15:10:25.095root 11241100x8000000000000000693339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c4e5587f8bcc282023-02-07 15:10:25.095root 11241100x8000000000000000693338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7467ce95883fd12023-02-07 15:10:25.095root 11241100x8000000000000000693337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f581eb41e964642023-02-07 15:10:25.095root 11241100x8000000000000000693336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af12938cd6c803852023-02-07 15:10:25.095root 11241100x8000000000000000693335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262e14a8c52246b52023-02-07 15:10:25.095root 11241100x8000000000000000693346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b66904d67912232023-02-07 15:10:25.096root 11241100x8000000000000000693345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5d7c1004a2b0762023-02-07 15:10:25.096root 11241100x8000000000000000693344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e61dd93cbeb3552023-02-07 15:10:25.096root 11241100x8000000000000000693343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b044cf7657c6342023-02-07 15:10:25.096root 11241100x8000000000000000693342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5700b2a7588b19b92023-02-07 15:10:25.096root 11241100x8000000000000000693341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c598cb4f8c751dc32023-02-07 15:10:25.096root 11241100x8000000000000000693349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765ccbf42b7e3fa22023-02-07 15:10:25.097root 11241100x8000000000000000693348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe166d27b13960db2023-02-07 15:10:25.097root 11241100x8000000000000000693347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91de8081b4cffa32023-02-07 15:10:25.097root 354300x8000000000000000693350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.117{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54446-false10.0.1.12-8000- 11241100x8000000000000000693354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbebc479ca2b32e2023-02-07 15:10:25.595root 11241100x8000000000000000693353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd34cd8858a2583b2023-02-07 15:10:25.595root 11241100x8000000000000000693352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70b2670479635fe2023-02-07 15:10:25.595root 11241100x8000000000000000693351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457d13f11f62aa7d2023-02-07 15:10:25.595root 11241100x8000000000000000693362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfee51083b4962422023-02-07 15:10:25.596root 11241100x8000000000000000693361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3abe5e07b19b6342023-02-07 15:10:25.596root 11241100x8000000000000000693360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9b75958fc63c232023-02-07 15:10:25.596root 11241100x8000000000000000693359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3deff5fa7c4e12cb2023-02-07 15:10:25.596root 11241100x8000000000000000693358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e05ceb64f83f9b2023-02-07 15:10:25.596root 11241100x8000000000000000693357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f9fe0413101b472023-02-07 15:10:25.596root 11241100x8000000000000000693356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1183d6e1f3a28aa2023-02-07 15:10:25.596root 11241100x8000000000000000693355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab63e282f79a4e282023-02-07 15:10:25.596root 11241100x8000000000000000693366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68ced369174e46d2023-02-07 15:10:25.597root 11241100x8000000000000000693365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c637d6064e1515bb2023-02-07 15:10:25.597root 11241100x8000000000000000693364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04d2b5c2181f9a72023-02-07 15:10:25.597root 11241100x8000000000000000693363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8499e0dd10acd1372023-02-07 15:10:25.597root 11241100x8000000000000000693370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81870a4520085fc12023-02-07 15:10:26.095root 11241100x8000000000000000693369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af37e794e6eac7d52023-02-07 15:10:26.095root 11241100x8000000000000000693368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff91f3bf077d751b2023-02-07 15:10:26.095root 11241100x8000000000000000693367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e70daaadfaaaac2023-02-07 15:10:26.095root 11241100x8000000000000000693380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1438850c7558322023-02-07 15:10:26.096root 11241100x8000000000000000693379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece1d25ed76dd6122023-02-07 15:10:26.096root 11241100x8000000000000000693378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910535cc292b24b82023-02-07 15:10:26.096root 11241100x8000000000000000693377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd0bebb7641a4132023-02-07 15:10:26.096root 11241100x8000000000000000693376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b59ed5c185ea42a2023-02-07 15:10:26.096root 11241100x8000000000000000693375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f023cc5673f1281e2023-02-07 15:10:26.096root 11241100x8000000000000000693374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f2395f67f7bc392023-02-07 15:10:26.096root 11241100x8000000000000000693373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb0ff76ba6b0c372023-02-07 15:10:26.096root 11241100x8000000000000000693372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d241ddb0055b9d2023-02-07 15:10:26.096root 11241100x8000000000000000693371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7265de191f4826b42023-02-07 15:10:26.096root 11241100x8000000000000000693382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b929dac3785d13ad2023-02-07 15:10:26.097root 11241100x8000000000000000693381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3370376a32bc8c2023-02-07 15:10:26.097root 11241100x8000000000000000693384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c81f6b8e804cc62023-02-07 15:10:26.595root 11241100x8000000000000000693383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7078d4910c352042023-02-07 15:10:26.595root 11241100x8000000000000000693388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9b32540de677272023-02-07 15:10:26.596root 11241100x8000000000000000693387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df944a5aa34bbb792023-02-07 15:10:26.596root 11241100x8000000000000000693386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7005440ba88372422023-02-07 15:10:26.596root 11241100x8000000000000000693385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8d8dbca9e2e0b32023-02-07 15:10:26.596root 11241100x8000000000000000693392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8b2e7b680a63a72023-02-07 15:10:26.597root 11241100x8000000000000000693391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52979e5ee9d7b7192023-02-07 15:10:26.597root 11241100x8000000000000000693390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3768aa5ee4f63e9e2023-02-07 15:10:26.597root 11241100x8000000000000000693389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876b17b777e3abe82023-02-07 15:10:26.597root 11241100x8000000000000000693396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51c732b043140a12023-02-07 15:10:26.598root 11241100x8000000000000000693395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644b2707a159816a2023-02-07 15:10:26.598root 11241100x8000000000000000693394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aea21702dfd7a42023-02-07 15:10:26.598root 11241100x8000000000000000693393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344d20b93365370e2023-02-07 15:10:26.598root 11241100x8000000000000000693400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f50b3f74b3f9c22023-02-07 15:10:26.599root 11241100x8000000000000000693399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efc3cfd071003352023-02-07 15:10:26.599root 11241100x8000000000000000693398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e64ce9307c530c2023-02-07 15:10:26.599root 11241100x8000000000000000693397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441d2dcec752d2ef2023-02-07 15:10:26.599root 11241100x8000000000000000693402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c492ec7ca90059352023-02-07 15:10:27.095root 11241100x8000000000000000693401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb8875b7abc3e1f2023-02-07 15:10:27.095root 11241100x8000000000000000693412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c8a415dfd064b62023-02-07 15:10:27.096root 11241100x8000000000000000693411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4fcf5be8ba3cd92023-02-07 15:10:27.096root 11241100x8000000000000000693410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842aa9dea92333c02023-02-07 15:10:27.096root 11241100x8000000000000000693409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c225eb281e84902023-02-07 15:10:27.096root 11241100x8000000000000000693408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4000b361c6c95faf2023-02-07 15:10:27.096root 11241100x8000000000000000693407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4324c22c873f80f02023-02-07 15:10:27.096root 11241100x8000000000000000693406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f23809beffe7a732023-02-07 15:10:27.096root 11241100x8000000000000000693405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25591d4b2c3009a22023-02-07 15:10:27.096root 11241100x8000000000000000693404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb35ac6f2649e712023-02-07 15:10:27.096root 11241100x8000000000000000693403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15077cd927747b0b2023-02-07 15:10:27.096root 11241100x8000000000000000693417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332b974e5418dd542023-02-07 15:10:27.097root 11241100x8000000000000000693416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4326393840a4b92023-02-07 15:10:27.097root 11241100x8000000000000000693415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df66d3b0d5ebbd22023-02-07 15:10:27.097root 11241100x8000000000000000693414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086b849f9fb4e1b22023-02-07 15:10:27.097root 11241100x8000000000000000693413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d89733d7d4c0e2b2023-02-07 15:10:27.097root 11241100x8000000000000000693420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd29346521560ac2023-02-07 15:10:27.595root 11241100x8000000000000000693419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d66f343609fe9142023-02-07 15:10:27.595root 11241100x8000000000000000693418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daaef333188a9c452023-02-07 15:10:27.595root 11241100x8000000000000000693426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ebfdc7d378ef092023-02-07 15:10:27.596root 11241100x8000000000000000693425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbdada70c56cd6d2023-02-07 15:10:27.596root 11241100x8000000000000000693424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d903838b0711242c2023-02-07 15:10:27.596root 11241100x8000000000000000693423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b769e9e03091bc32023-02-07 15:10:27.596root 11241100x8000000000000000693422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3698aaed87613c782023-02-07 15:10:27.596root 11241100x8000000000000000693421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fa8be10ad437842023-02-07 15:10:27.596root 11241100x8000000000000000693432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb28801d4d689e62023-02-07 15:10:27.597root 11241100x8000000000000000693431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01bc5e5663b21f82023-02-07 15:10:27.597root 11241100x8000000000000000693430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad78da6a2063252b2023-02-07 15:10:27.597root 11241100x8000000000000000693429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7dc6c457d134b3f2023-02-07 15:10:27.597root 11241100x8000000000000000693428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf099c4ea8782fab2023-02-07 15:10:27.597root 11241100x8000000000000000693427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bd8c65fb5d9bdb2023-02-07 15:10:27.597root 11241100x8000000000000000693433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ff3f28cceb0a992023-02-07 15:10:27.598root 23542300x8000000000000000693434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.734{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000693439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c304d825e41f3e2023-02-07 15:10:28.095root 11241100x8000000000000000693438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc31d5862bc0bc22023-02-07 15:10:28.095root 11241100x8000000000000000693437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb87b7d65da357f2023-02-07 15:10:28.095root 11241100x8000000000000000693436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad486a0514cbc5472023-02-07 15:10:28.095root 11241100x8000000000000000693435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b05b5b55031a4ca2023-02-07 15:10:28.095root 11241100x8000000000000000693448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b02ba279cafd9912023-02-07 15:10:28.096root 11241100x8000000000000000693447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b794ccf75b27db2023-02-07 15:10:28.096root 11241100x8000000000000000693446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345c94e9634afb3b2023-02-07 15:10:28.096root 11241100x8000000000000000693445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad6b95ab175c4792023-02-07 15:10:28.096root 11241100x8000000000000000693444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d266444b773e80692023-02-07 15:10:28.096root 11241100x8000000000000000693443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec07250c04631602023-02-07 15:10:28.096root 11241100x8000000000000000693442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46eea221aa8673202023-02-07 15:10:28.096root 11241100x8000000000000000693441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e76398150f9624b2023-02-07 15:10:28.096root 11241100x8000000000000000693440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc85acae3cbab162023-02-07 15:10:28.096root 11241100x8000000000000000693452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1faacd317bfed5a2023-02-07 15:10:28.097root 11241100x8000000000000000693451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af6f2d123bd4dfe2023-02-07 15:10:28.097root 11241100x8000000000000000693450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394d789fe4c9f5d72023-02-07 15:10:28.097root 11241100x8000000000000000693449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4536f3e45a7255ae2023-02-07 15:10:28.097root 11241100x8000000000000000693457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a466b8f151cf112023-02-07 15:10:28.595root 11241100x8000000000000000693456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21287b62d646bc7b2023-02-07 15:10:28.595root 11241100x8000000000000000693455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c21f98ed9a19012023-02-07 15:10:28.595root 11241100x8000000000000000693454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfaf1ee0c888a682023-02-07 15:10:28.595root 11241100x8000000000000000693453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62a23cc8094795c2023-02-07 15:10:28.595root 11241100x8000000000000000693462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1f3cadff5f941b2023-02-07 15:10:28.596root 11241100x8000000000000000693461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bdc1e784d3c9e12023-02-07 15:10:28.596root 11241100x8000000000000000693460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713eb1cb9409e63c2023-02-07 15:10:28.596root 11241100x8000000000000000693459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435d89f03d48f0a72023-02-07 15:10:28.596root 11241100x8000000000000000693458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b3a6125090751e2023-02-07 15:10:28.596root 11241100x8000000000000000693468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c31e31ffbeabcc72023-02-07 15:10:28.597root 11241100x8000000000000000693467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ec37af0ed4788d2023-02-07 15:10:28.597root 11241100x8000000000000000693466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93663b3a89cbd7b2023-02-07 15:10:28.597root 11241100x8000000000000000693465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ff02d03899ac7a2023-02-07 15:10:28.597root 11241100x8000000000000000693464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dec0e655a7b37a2023-02-07 15:10:28.597root 11241100x8000000000000000693463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cd4a0817771f022023-02-07 15:10:28.597root 11241100x8000000000000000693470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5521e05cb0a3ec2023-02-07 15:10:28.598root 11241100x8000000000000000693469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790ecc093fa4dfb92023-02-07 15:10:28.598root 11241100x8000000000000000693474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28853493bd3aa8e2023-02-07 15:10:29.095root 11241100x8000000000000000693473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796b0a8b9e2de0aa2023-02-07 15:10:29.095root 11241100x8000000000000000693472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e2dc2cd1828a092023-02-07 15:10:29.095root 11241100x8000000000000000693471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5bc86dc3d65c9c2023-02-07 15:10:29.095root 11241100x8000000000000000693482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4f4f4449e04c1a2023-02-07 15:10:29.096root 11241100x8000000000000000693481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f132a98083b8ce2023-02-07 15:10:29.096root 11241100x8000000000000000693480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4201cebe4e8cd02023-02-07 15:10:29.096root 11241100x8000000000000000693479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28c71edb6fddc302023-02-07 15:10:29.096root 11241100x8000000000000000693478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6703f4c3a3baf0e2023-02-07 15:10:29.096root 11241100x8000000000000000693477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7f0aa44a53997f2023-02-07 15:10:29.096root 11241100x8000000000000000693476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00eb4bed7ea531032023-02-07 15:10:29.096root 11241100x8000000000000000693475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615ed2a908ece6852023-02-07 15:10:29.096root 11241100x8000000000000000693487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d9052e7c16f9502023-02-07 15:10:29.097root 11241100x8000000000000000693486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20dffe188a9119c92023-02-07 15:10:29.097root 11241100x8000000000000000693485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281a77a47979bc452023-02-07 15:10:29.097root 11241100x8000000000000000693484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f8e38cf57a6f162023-02-07 15:10:29.097root 11241100x8000000000000000693483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df11ae93db0f7032023-02-07 15:10:29.097root 11241100x8000000000000000693492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a8a20d8a1c06ce2023-02-07 15:10:29.595root 11241100x8000000000000000693491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b668dc4bc8f4392023-02-07 15:10:29.595root 11241100x8000000000000000693490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b699253cf88103e72023-02-07 15:10:29.595root 11241100x8000000000000000693489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f56ca52973262e82023-02-07 15:10:29.595root 11241100x8000000000000000693488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9a392e9f17a2bb2023-02-07 15:10:29.595root 11241100x8000000000000000693499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ead80dabf67a5792023-02-07 15:10:29.596root 11241100x8000000000000000693498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b0e585739e03e72023-02-07 15:10:29.596root 11241100x8000000000000000693497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cd2dc3a11c72b92023-02-07 15:10:29.596root 11241100x8000000000000000693496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e59299df4d70e022023-02-07 15:10:29.596root 11241100x8000000000000000693495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177eb1fc9c0391db2023-02-07 15:10:29.596root 11241100x8000000000000000693494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb95891ad4b5ef3b2023-02-07 15:10:29.596root 11241100x8000000000000000693493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d455357ac9d009a2023-02-07 15:10:29.596root 11241100x8000000000000000693502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e24dcc4f5368dde2023-02-07 15:10:29.597root 11241100x8000000000000000693501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4946f94650afcf1b2023-02-07 15:10:29.597root 11241100x8000000000000000693500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fa704b344c0f9d2023-02-07 15:10:29.597root 11241100x8000000000000000693505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e8989155c36cc52023-02-07 15:10:29.598root 11241100x8000000000000000693504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e691a480cf9d24d2023-02-07 15:10:29.598root 11241100x8000000000000000693503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d82364c6beaf932023-02-07 15:10:29.598root 11241100x8000000000000000693509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b751952be25849102023-02-07 15:10:30.095root 11241100x8000000000000000693508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b9d9e2d1f876692023-02-07 15:10:30.095root 11241100x8000000000000000693507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382c109c5930f6012023-02-07 15:10:30.095root 11241100x8000000000000000693506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283afcdb717a76772023-02-07 15:10:30.095root 11241100x8000000000000000693516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e09ee059bdcc862023-02-07 15:10:30.096root 11241100x8000000000000000693515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68ad6f3c23523262023-02-07 15:10:30.096root 11241100x8000000000000000693514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e91168949e91b32023-02-07 15:10:30.096root 11241100x8000000000000000693513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11872090e6c8fb722023-02-07 15:10:30.096root 11241100x8000000000000000693512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196ebe5f92f7ccc62023-02-07 15:10:30.096root 11241100x8000000000000000693511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75eb9ff11064da7d2023-02-07 15:10:30.096root 11241100x8000000000000000693510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9287901964fdba802023-02-07 15:10:30.096root 11241100x8000000000000000693523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f758aea950b7b2d2023-02-07 15:10:30.097root 11241100x8000000000000000693522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b143c21f65a4542023-02-07 15:10:30.097root 11241100x8000000000000000693521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d493e5e484e43f2023-02-07 15:10:30.097root 11241100x8000000000000000693520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efff738a498b75dd2023-02-07 15:10:30.097root 11241100x8000000000000000693519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc9fd52f4603d192023-02-07 15:10:30.097root 11241100x8000000000000000693518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9df637e6d3502c52023-02-07 15:10:30.097root 11241100x8000000000000000693517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff6514b260eff1f2023-02-07 15:10:30.097root 354300x8000000000000000693524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.167{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54462-false10.0.1.12-8000- 11241100x8000000000000000693529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38154404defbcbce2023-02-07 15:10:30.595root 11241100x8000000000000000693528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c05e59ac678776b2023-02-07 15:10:30.595root 11241100x8000000000000000693527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849a1895866142942023-02-07 15:10:30.595root 11241100x8000000000000000693526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d67e7b0a0deda02023-02-07 15:10:30.595root 11241100x8000000000000000693525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033eb5dfb2a8e30d2023-02-07 15:10:30.595root 11241100x8000000000000000693540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ef91a0bcb245762023-02-07 15:10:30.596root 11241100x8000000000000000693539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadc1419f1b4a97d2023-02-07 15:10:30.596root 11241100x8000000000000000693538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbe149c503a339f2023-02-07 15:10:30.596root 11241100x8000000000000000693537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eddae70e07308292023-02-07 15:10:30.596root 11241100x8000000000000000693536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53848af4c2fe70462023-02-07 15:10:30.596root 11241100x8000000000000000693535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e854ea5db862772023-02-07 15:10:30.596root 11241100x8000000000000000693534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2676cc5a762f092023-02-07 15:10:30.596root 11241100x8000000000000000693533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09e87aefda58f312023-02-07 15:10:30.596root 11241100x8000000000000000693532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb63bb08703429c02023-02-07 15:10:30.596root 11241100x8000000000000000693531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d1f00b730534792023-02-07 15:10:30.596root 11241100x8000000000000000693530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cb1ffa33abe51f2023-02-07 15:10:30.596root 11241100x8000000000000000693543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519d2d872e0bd2fb2023-02-07 15:10:30.597root 11241100x8000000000000000693542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45b183bf8179c372023-02-07 15:10:30.597root 11241100x8000000000000000693541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5cf6fd484aa9fc2023-02-07 15:10:30.597root 11241100x8000000000000000693547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ee342ec4b126332023-02-07 15:10:31.095root 11241100x8000000000000000693546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64fd1de3c6d0da02023-02-07 15:10:31.095root 11241100x8000000000000000693545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92572dc9e7548f232023-02-07 15:10:31.095root 11241100x8000000000000000693544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925063c959a749bd2023-02-07 15:10:31.095root 11241100x8000000000000000693554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26f7663c596f2e42023-02-07 15:10:31.096root 11241100x8000000000000000693553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7332ebaa1f545b72023-02-07 15:10:31.096root 11241100x8000000000000000693552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598301d50ee664992023-02-07 15:10:31.096root 11241100x8000000000000000693551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d5c1308e1a0fe82023-02-07 15:10:31.096root 11241100x8000000000000000693550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285019b4840677052023-02-07 15:10:31.096root 11241100x8000000000000000693549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b29220895905a702023-02-07 15:10:31.096root 11241100x8000000000000000693548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbe7e68f44e8f1b2023-02-07 15:10:31.096root 11241100x8000000000000000693562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a37324fb3b094b2023-02-07 15:10:31.097root 11241100x8000000000000000693561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baab1f0401b8060d2023-02-07 15:10:31.097root 11241100x8000000000000000693560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c9306db9d226b72023-02-07 15:10:31.097root 11241100x8000000000000000693559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ed3399855366aa2023-02-07 15:10:31.097root 11241100x8000000000000000693558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7770d600a772b25e2023-02-07 15:10:31.097root 11241100x8000000000000000693557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1dd2c48a2f75862023-02-07 15:10:31.097root 11241100x8000000000000000693556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3532dacd77f76d02023-02-07 15:10:31.097root 11241100x8000000000000000693555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d28ce4bded56a272023-02-07 15:10:31.097root 11241100x8000000000000000693574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9409f70b835ce0a2023-02-07 15:10:31.596root 11241100x8000000000000000693573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e95459e220c3772023-02-07 15:10:31.596root 11241100x8000000000000000693572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d0a17f36d125882023-02-07 15:10:31.596root 11241100x8000000000000000693571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95d9256e17515822023-02-07 15:10:31.596root 11241100x8000000000000000693570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693616ea37fd72b22023-02-07 15:10:31.596root 11241100x8000000000000000693569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324a232471c7ee822023-02-07 15:10:31.596root 11241100x8000000000000000693568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02859c795cafdcaf2023-02-07 15:10:31.596root 11241100x8000000000000000693567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef30373621d4c1a2023-02-07 15:10:31.596root 11241100x8000000000000000693566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564f529b85a715872023-02-07 15:10:31.596root 11241100x8000000000000000693565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0872296c2a4a362023-02-07 15:10:31.596root 11241100x8000000000000000693564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90772625fb8f85012023-02-07 15:10:31.596root 11241100x8000000000000000693563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71ccdf6ae759d2e2023-02-07 15:10:31.596root 11241100x8000000000000000693580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa71cdf92338d5692023-02-07 15:10:31.597root 11241100x8000000000000000693579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eaf2b77458a6fc02023-02-07 15:10:31.597root 11241100x8000000000000000693578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f206da869ef68bfa2023-02-07 15:10:31.597root 11241100x8000000000000000693577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055b322c640b25992023-02-07 15:10:31.597root 11241100x8000000000000000693576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd30bd06597de5242023-02-07 15:10:31.597root 11241100x8000000000000000693575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47a35b46e508af82023-02-07 15:10:31.597root 11241100x8000000000000000693583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d383a65c3f4af7372023-02-07 15:10:32.095root 11241100x8000000000000000693582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4449db54975c7a2023-02-07 15:10:32.095root 11241100x8000000000000000693581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bceb2eadbbcef262023-02-07 15:10:32.095root 11241100x8000000000000000693587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fb2dbe688a73952023-02-07 15:10:32.096root 11241100x8000000000000000693586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4e93f1f819cfea2023-02-07 15:10:32.096root 11241100x8000000000000000693585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f4f0a6cfb765032023-02-07 15:10:32.096root 11241100x8000000000000000693584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8081a3f580a15c2023-02-07 15:10:32.096root 11241100x8000000000000000693594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3369415ac0f603842023-02-07 15:10:32.097root 11241100x8000000000000000693593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb1a03007b4aaf52023-02-07 15:10:32.097root 11241100x8000000000000000693592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bbe40d57db49112023-02-07 15:10:32.097root 11241100x8000000000000000693591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c4480d26f9ce5d2023-02-07 15:10:32.097root 11241100x8000000000000000693590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8bc389d66c431f2023-02-07 15:10:32.097root 11241100x8000000000000000693589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5cc45c02fa0bb62023-02-07 15:10:32.097root 11241100x8000000000000000693588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48aa31cd6bc14b482023-02-07 15:10:32.097root 11241100x8000000000000000693600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54427a87d3758702023-02-07 15:10:32.098root 11241100x8000000000000000693599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0529a131ec513072023-02-07 15:10:32.098root 11241100x8000000000000000693598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bc4b029b260bfc2023-02-07 15:10:32.098root 11241100x8000000000000000693597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7f0c556514c6af2023-02-07 15:10:32.098root 11241100x8000000000000000693596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf5a07095311b3f2023-02-07 15:10:32.098root 11241100x8000000000000000693595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a712a215ddc59a2023-02-07 15:10:32.098root 11241100x8000000000000000693612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44ed2607579622f2023-02-07 15:10:32.596root 11241100x8000000000000000693611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c021a2c658753b32023-02-07 15:10:32.596root 11241100x8000000000000000693610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3a4ff33910937a2023-02-07 15:10:32.596root 11241100x8000000000000000693609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10fd019d123f8d12023-02-07 15:10:32.596root 11241100x8000000000000000693608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2e4f339ecc12112023-02-07 15:10:32.596root 11241100x8000000000000000693607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c53c44a054ec23c2023-02-07 15:10:32.596root 11241100x8000000000000000693606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4329092ae96e222023-02-07 15:10:32.596root 11241100x8000000000000000693605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfcb44e77e59eb42023-02-07 15:10:32.596root 11241100x8000000000000000693604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f937368b4b6c6c2023-02-07 15:10:32.596root 11241100x8000000000000000693603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b98b57246cfdc92023-02-07 15:10:32.596root 11241100x8000000000000000693602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fd2628ca0cdf8b2023-02-07 15:10:32.596root 11241100x8000000000000000693601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4dd7447df3b2242023-02-07 15:10:32.596root 11241100x8000000000000000693618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735b8af654f1a58c2023-02-07 15:10:32.597root 11241100x8000000000000000693617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17321a9731b9d2fe2023-02-07 15:10:32.597root 11241100x8000000000000000693616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba622bdf622166082023-02-07 15:10:32.597root 11241100x8000000000000000693615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1303d16f820925f52023-02-07 15:10:32.597root 11241100x8000000000000000693614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10b7de8dbbfc3752023-02-07 15:10:32.597root 11241100x8000000000000000693613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17e54e9e1e4f7c42023-02-07 15:10:32.597root 11241100x8000000000000000693625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c6796083e632302023-02-07 15:10:33.095root 11241100x8000000000000000693624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98edb188b89240c52023-02-07 15:10:33.095root 11241100x8000000000000000693623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034435a88406118f2023-02-07 15:10:33.095root 11241100x8000000000000000693622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abeba3062cd771b92023-02-07 15:10:33.095root 11241100x8000000000000000693621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1617ed175711170c2023-02-07 15:10:33.095root 11241100x8000000000000000693620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c5239484c4a03a2023-02-07 15:10:33.095root 11241100x8000000000000000693619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0c4489a08d54e62023-02-07 15:10:33.095root 11241100x8000000000000000693631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4276ba25f368e7d32023-02-07 15:10:33.096root 11241100x8000000000000000693630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751dc4506792e9a92023-02-07 15:10:33.096root 11241100x8000000000000000693629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62333773bdcd25ef2023-02-07 15:10:33.096root 11241100x8000000000000000693628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d7775c42e9a4422023-02-07 15:10:33.096root 11241100x8000000000000000693627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20e0a9f919d3a962023-02-07 15:10:33.096root 11241100x8000000000000000693626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4efd5fb7b216202023-02-07 15:10:33.096root 11241100x8000000000000000693635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04f8b7ba1adb9a82023-02-07 15:10:33.097root 11241100x8000000000000000693634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361719e1f63761712023-02-07 15:10:33.097root 11241100x8000000000000000693633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5606b14f83184d2023-02-07 15:10:33.097root 11241100x8000000000000000693632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6ba6648aeb549b2023-02-07 15:10:33.097root 11241100x8000000000000000693636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b2776d900615652023-02-07 15:10:33.098root 11241100x8000000000000000693640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc198bc6d6d895a2023-02-07 15:10:33.595root 11241100x8000000000000000693639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784a9bc6fa1c3fa62023-02-07 15:10:33.595root 11241100x8000000000000000693638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae970a51797aecc02023-02-07 15:10:33.595root 11241100x8000000000000000693637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced7a92da3f943e92023-02-07 15:10:33.595root 11241100x8000000000000000693648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e54dd92f805da622023-02-07 15:10:33.596root 11241100x8000000000000000693647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bd9e2922bc58002023-02-07 15:10:33.596root 11241100x8000000000000000693646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db4f29d4846c9832023-02-07 15:10:33.596root 11241100x8000000000000000693645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27767ac1c1e61c172023-02-07 15:10:33.596root 11241100x8000000000000000693644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13473031d763c9d22023-02-07 15:10:33.596root 11241100x8000000000000000693643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65fe96c08e5d69b2023-02-07 15:10:33.596root 11241100x8000000000000000693642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cee4dfc38d65052023-02-07 15:10:33.596root 11241100x8000000000000000693641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8308dbc1cde217a2023-02-07 15:10:33.596root 11241100x8000000000000000693652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8377263e6d8ac92023-02-07 15:10:33.597root 11241100x8000000000000000693651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47713842667de5fb2023-02-07 15:10:33.597root 11241100x8000000000000000693650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add5f494a929edc12023-02-07 15:10:33.597root 11241100x8000000000000000693649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d91c9812faf0c92023-02-07 15:10:33.597root 11241100x8000000000000000693655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffbc9197c05b0352023-02-07 15:10:33.598root 11241100x8000000000000000693654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3ca19ed9ffb49e2023-02-07 15:10:33.598root 11241100x8000000000000000693653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3217d76109c58d2023-02-07 15:10:33.598root 11241100x8000000000000000693656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00da1a67220464ff2023-02-07 15:10:34.095root 11241100x8000000000000000693661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ce40b41294cbe92023-02-07 15:10:34.096root 11241100x8000000000000000693660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d940f01e98c8051f2023-02-07 15:10:34.096root 11241100x8000000000000000693659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47d01b44ee54fdb2023-02-07 15:10:34.096root 11241100x8000000000000000693658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6997026535bdc42023-02-07 15:10:34.096root 11241100x8000000000000000693657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d724287a996feba92023-02-07 15:10:34.096root 11241100x8000000000000000693668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fb2302140dd40b2023-02-07 15:10:34.097root 11241100x8000000000000000693667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9383937d733319b2023-02-07 15:10:34.097root 11241100x8000000000000000693666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8e94671c27c3e92023-02-07 15:10:34.097root 11241100x8000000000000000693665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d4b43ac5aa97182023-02-07 15:10:34.097root 11241100x8000000000000000693664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d676d4e02664c81e2023-02-07 15:10:34.097root 11241100x8000000000000000693663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fc237e4cdecfbe2023-02-07 15:10:34.097root 11241100x8000000000000000693662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe4003cfe5475ad2023-02-07 15:10:34.097root 11241100x8000000000000000693673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bb41ebc575233c2023-02-07 15:10:34.098root 11241100x8000000000000000693672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9217a908469165122023-02-07 15:10:34.098root 11241100x8000000000000000693671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1dfaa20a1e38732023-02-07 15:10:34.098root 11241100x8000000000000000693670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6abe4678592f0f2023-02-07 15:10:34.098root 11241100x8000000000000000693669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7d8319ca85c59b2023-02-07 15:10:34.098root 11241100x8000000000000000693677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51c042f5c5a40292023-02-07 15:10:34.595root 11241100x8000000000000000693676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994fe71ad2668c932023-02-07 15:10:34.595root 11241100x8000000000000000693675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3552b75f0eeeff132023-02-07 15:10:34.595root 11241100x8000000000000000693674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576187b6544539b02023-02-07 15:10:34.595root 11241100x8000000000000000693684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee303f04eb4f31482023-02-07 15:10:34.596root 11241100x8000000000000000693683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fa19eeb9acacf32023-02-07 15:10:34.596root 11241100x8000000000000000693682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ccf3a1c718ae852023-02-07 15:10:34.596root 11241100x8000000000000000693681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d48dfc6da96f6362023-02-07 15:10:34.596root 11241100x8000000000000000693680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1d519af54a4db92023-02-07 15:10:34.596root 11241100x8000000000000000693679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a2fa41cf46fe872023-02-07 15:10:34.596root 11241100x8000000000000000693678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbe024e1bfd7b872023-02-07 15:10:34.596root 11241100x8000000000000000693689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd7221f5b75e9422023-02-07 15:10:34.597root 11241100x8000000000000000693688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ebd393303d41002023-02-07 15:10:34.597root 11241100x8000000000000000693687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afa1a59bab5034c2023-02-07 15:10:34.597root 11241100x8000000000000000693686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf99d8da15c972d62023-02-07 15:10:34.597root 11241100x8000000000000000693685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a02ce123acb9742023-02-07 15:10:34.597root 11241100x8000000000000000693691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4422b886004f05052023-02-07 15:10:34.598root 11241100x8000000000000000693690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f726f5cb1e238f2c2023-02-07 15:10:34.598root 11241100x8000000000000000693703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9984417c7464442023-02-07 15:10:35.096root 11241100x8000000000000000693702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0909e3e8e1961a962023-02-07 15:10:35.096root 11241100x8000000000000000693701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7118d78dd2fef8202023-02-07 15:10:35.096root 11241100x8000000000000000693700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a9951f2aa30a3e2023-02-07 15:10:35.096root 11241100x8000000000000000693699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9676c678fe0b9252023-02-07 15:10:35.096root 11241100x8000000000000000693698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42b72ca926483cf2023-02-07 15:10:35.096root 11241100x8000000000000000693697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7add49cfb752f6a42023-02-07 15:10:35.096root 11241100x8000000000000000693696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eee7c0373984f0f2023-02-07 15:10:35.096root 11241100x8000000000000000693695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a73513559806ab72023-02-07 15:10:35.096root 11241100x8000000000000000693694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f65be1e5bf4e4c82023-02-07 15:10:35.096root 11241100x8000000000000000693693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5016a1716a71d7c62023-02-07 15:10:35.096root 11241100x8000000000000000693692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93d1a8712eec7b92023-02-07 15:10:35.096root 11241100x8000000000000000693709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def0c202acf9498a2023-02-07 15:10:35.097root 11241100x8000000000000000693708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de756f62279025e92023-02-07 15:10:35.097root 11241100x8000000000000000693707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca740a66c523a2f22023-02-07 15:10:35.097root 11241100x8000000000000000693706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6276039570cedfd82023-02-07 15:10:35.097root 11241100x8000000000000000693705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c36e96526758562023-02-07 15:10:35.097root 11241100x8000000000000000693704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191f04d9219630f62023-02-07 15:10:35.097root 354300x8000000000000000693710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.229{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-50882-false10.0.1.12-8000- 11241100x8000000000000000693716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcab0263a401fed2023-02-07 15:10:35.595root 11241100x8000000000000000693715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3defdb7320de09172023-02-07 15:10:35.595root 11241100x8000000000000000693714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c72059ede50bdb2023-02-07 15:10:35.595root 11241100x8000000000000000693713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935c73a9b9b5483c2023-02-07 15:10:35.595root 11241100x8000000000000000693712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da4d040c66df1762023-02-07 15:10:35.595root 11241100x8000000000000000693711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5628f1c157193f2023-02-07 15:10:35.595root 11241100x8000000000000000693727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9884d75b5f55e32023-02-07 15:10:35.596root 11241100x8000000000000000693726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81c2a81f2e7dca62023-02-07 15:10:35.596root 11241100x8000000000000000693725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24756448e1e2e272023-02-07 15:10:35.596root 11241100x8000000000000000693724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd46e5b7afca4add2023-02-07 15:10:35.596root 11241100x8000000000000000693723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce86a4c18269f58b2023-02-07 15:10:35.596root 11241100x8000000000000000693722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435ebf64b27fd7ec2023-02-07 15:10:35.596root 11241100x8000000000000000693721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714de76f757c74c42023-02-07 15:10:35.596root 11241100x8000000000000000693720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55faf89e3ff3606b2023-02-07 15:10:35.596root 11241100x8000000000000000693719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025e3cc5e999b7982023-02-07 15:10:35.596root 11241100x8000000000000000693718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756b0eb6c2602a7c2023-02-07 15:10:35.596root 11241100x8000000000000000693717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b59cc0947856ba2023-02-07 15:10:35.596root 11241100x8000000000000000693730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ec3c8148f959332023-02-07 15:10:35.597root 11241100x8000000000000000693729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b351059b90077c252023-02-07 15:10:35.597root 11241100x8000000000000000693728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d50770b3761a0c2023-02-07 15:10:35.597root 11241100x8000000000000000693734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6069f24ac869551f2023-02-07 15:10:36.095root 11241100x8000000000000000693733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6c66b1fd808a282023-02-07 15:10:36.095root 11241100x8000000000000000693732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d4d58abd77c7312023-02-07 15:10:36.095root 11241100x8000000000000000693731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54ddd3064eb120f2023-02-07 15:10:36.095root 11241100x8000000000000000693739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11a7c97b6bf16d22023-02-07 15:10:36.096root 11241100x8000000000000000693738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51a254f75b28b1e2023-02-07 15:10:36.096root 11241100x8000000000000000693737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38582b7395f513652023-02-07 15:10:36.096root 11241100x8000000000000000693736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4124a1298d4d9c2a2023-02-07 15:10:36.096root 11241100x8000000000000000693735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc84d15e1fc06632023-02-07 15:10:36.096root 11241100x8000000000000000693743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec97cb6aea0424402023-02-07 15:10:36.097root 11241100x8000000000000000693742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cb31ceeb3aafae2023-02-07 15:10:36.097root 11241100x8000000000000000693741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132627e0eae43b842023-02-07 15:10:36.097root 11241100x8000000000000000693740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbeb748477b220c2023-02-07 15:10:36.097root 11241100x8000000000000000693749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8db4b0f48067942023-02-07 15:10:36.098root 11241100x8000000000000000693748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fe8c07b9f235362023-02-07 15:10:36.098root 11241100x8000000000000000693747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129fdb39aa4ab6872023-02-07 15:10:36.098root 11241100x8000000000000000693746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd63fb34d50f7cba2023-02-07 15:10:36.098root 11241100x8000000000000000693745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535304c437ecbed32023-02-07 15:10:36.098root 11241100x8000000000000000693744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e580e14fd37af3c2023-02-07 15:10:36.098root 11241100x8000000000000000693751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f45d0cd27c578642023-02-07 15:10:36.099root 11241100x8000000000000000693750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8924e1c914bdac2023-02-07 15:10:36.099root 11241100x8000000000000000693755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40d6a62616a147d2023-02-07 15:10:36.595root 11241100x8000000000000000693754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34afae1e2fa9ad222023-02-07 15:10:36.595root 11241100x8000000000000000693753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd00b06e99c08aa2023-02-07 15:10:36.595root 11241100x8000000000000000693752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e871a60aee5ce002023-02-07 15:10:36.595root 11241100x8000000000000000693758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382bca15f7dbf2392023-02-07 15:10:36.596root 11241100x8000000000000000693757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124691bd82ad8e3a2023-02-07 15:10:36.596root 11241100x8000000000000000693756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95dc827ab905b58e2023-02-07 15:10:36.596root 11241100x8000000000000000693761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37868e4ac86658712023-02-07 15:10:36.597root 11241100x8000000000000000693760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f068fee6c0d2157b2023-02-07 15:10:36.597root 11241100x8000000000000000693759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d793aac461fe13f82023-02-07 15:10:36.597root 11241100x8000000000000000693764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e5c1bce8a9da7f2023-02-07 15:10:36.598root 11241100x8000000000000000693763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e8d7e66277e5a22023-02-07 15:10:36.598root 11241100x8000000000000000693762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92934cf7d4a5776b2023-02-07 15:10:36.598root 11241100x8000000000000000693767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f13c647c259f9c72023-02-07 15:10:36.599root 11241100x8000000000000000693766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba98e4436e7b57842023-02-07 15:10:36.599root 11241100x8000000000000000693765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc581e4086bc1ba62023-02-07 15:10:36.599root 11241100x8000000000000000693771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fcd1a0a4837b0f2023-02-07 15:10:36.600root 11241100x8000000000000000693770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34cc0a71afcf8ce2023-02-07 15:10:36.600root 11241100x8000000000000000693769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30549a9ff7676f072023-02-07 15:10:36.600root 11241100x8000000000000000693768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08f9c66bfa841e92023-02-07 15:10:36.600root 11241100x8000000000000000693773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee40254d7af4ba92023-02-07 15:10:36.601root 11241100x8000000000000000693772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87d8625cf76819e2023-02-07 15:10:36.601root 11241100x8000000000000000693774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331d7edbd22f647c2023-02-07 15:10:37.095root 11241100x8000000000000000693778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb228cd1b606cc22023-02-07 15:10:37.096root 11241100x8000000000000000693777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b589a877b3d4752023-02-07 15:10:37.096root 11241100x8000000000000000693776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdfa8c582012b702023-02-07 15:10:37.096root 11241100x8000000000000000693775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388deb95c60b080e2023-02-07 15:10:37.096root 11241100x8000000000000000693781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f2775351e73c0e2023-02-07 15:10:37.097root 11241100x8000000000000000693780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532265113b9621452023-02-07 15:10:37.097root 11241100x8000000000000000693779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed144591b6755e552023-02-07 15:10:37.097root 11241100x8000000000000000693785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b211eba9c7fc35ef2023-02-07 15:10:37.098root 11241100x8000000000000000693784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfa94665ad7cb822023-02-07 15:10:37.098root 11241100x8000000000000000693783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294058069de142ca2023-02-07 15:10:37.098root 11241100x8000000000000000693782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4f52e1199ef49e2023-02-07 15:10:37.098root 11241100x8000000000000000693790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb90b05c9d19adf2023-02-07 15:10:37.099root 11241100x8000000000000000693789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7221ad097eebf62023-02-07 15:10:37.099root 11241100x8000000000000000693788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f062c200029dd92023-02-07 15:10:37.099root 11241100x8000000000000000693787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93936b323a3c68f32023-02-07 15:10:37.099root 11241100x8000000000000000693786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb8d8b4ce55fbdc2023-02-07 15:10:37.099root 11241100x8000000000000000693792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50a11aea64f47312023-02-07 15:10:37.100root 11241100x8000000000000000693791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed35f62a3b119d72023-02-07 15:10:37.100root 11241100x8000000000000000693795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c62e5d49b97afae2023-02-07 15:10:37.595root 11241100x8000000000000000693794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4317a93630280c2023-02-07 15:10:37.595root 11241100x8000000000000000693793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523537d13312ec122023-02-07 15:10:37.595root 11241100x8000000000000000693800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b736654b35f5e8702023-02-07 15:10:37.596root 11241100x8000000000000000693799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec19b1dbf6f62b212023-02-07 15:10:37.596root 11241100x8000000000000000693798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f03e9c6f319a6f62023-02-07 15:10:37.596root 11241100x8000000000000000693797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc76c876fdda0a62023-02-07 15:10:37.596root 11241100x8000000000000000693796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5556dd841b7f4f102023-02-07 15:10:37.596root 11241100x8000000000000000693804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7964c870bf30db552023-02-07 15:10:37.597root 11241100x8000000000000000693803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6036e432b9b3c02023-02-07 15:10:37.597root 11241100x8000000000000000693802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb3c87c73977a772023-02-07 15:10:37.597root 11241100x8000000000000000693801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f75268ba4d36412023-02-07 15:10:37.597root 11241100x8000000000000000693807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa310f0f8455aced2023-02-07 15:10:37.598root 11241100x8000000000000000693806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9288c9abf0275f3c2023-02-07 15:10:37.598root 11241100x8000000000000000693805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edc5cc36ea5ec662023-02-07 15:10:37.598root 11241100x8000000000000000693812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f99430f40d5d692023-02-07 15:10:37.599root 11241100x8000000000000000693811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bedaa060eff31df2023-02-07 15:10:37.599root 11241100x8000000000000000693810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af322cb88d6458402023-02-07 15:10:37.599root 11241100x8000000000000000693809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2932bbbf315f452023-02-07 15:10:37.599root 11241100x8000000000000000693808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef2a02f6b4227d52023-02-07 15:10:37.599root 11241100x8000000000000000693814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835cd918663bd2de2023-02-07 15:10:38.095root 11241100x8000000000000000693813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bc0436e585de972023-02-07 15:10:38.095root 11241100x8000000000000000693818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aff8e94bea0f8ae2023-02-07 15:10:38.096root 11241100x8000000000000000693817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d4bb635d53fff22023-02-07 15:10:38.096root 11241100x8000000000000000693816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3493ce571722d9222023-02-07 15:10:38.096root 11241100x8000000000000000693815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b9436412e98a652023-02-07 15:10:38.096root 11241100x8000000000000000693822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21b0aedc97442652023-02-07 15:10:38.097root 11241100x8000000000000000693821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226728ec34b4deed2023-02-07 15:10:38.097root 11241100x8000000000000000693820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eddc8d28ab1bf3e72023-02-07 15:10:38.097root 11241100x8000000000000000693819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874c3ded1097965d2023-02-07 15:10:38.097root 11241100x8000000000000000693824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a0feb3572bc20a2023-02-07 15:10:38.098root 11241100x8000000000000000693823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245285df729416572023-02-07 15:10:38.098root 11241100x8000000000000000693825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6534d226a3401e092023-02-07 15:10:38.102root 11241100x8000000000000000693828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab315db2dc690572023-02-07 15:10:38.103root 11241100x8000000000000000693827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedb30661c3b04c82023-02-07 15:10:38.103root 11241100x8000000000000000693826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43f14d51347235f2023-02-07 15:10:38.103root 11241100x8000000000000000693831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ee15d10fbb36fd2023-02-07 15:10:38.104root 11241100x8000000000000000693830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acca71c9b4788c52023-02-07 15:10:38.104root 11241100x8000000000000000693829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9433150ff388192023-02-07 15:10:38.104root 11241100x8000000000000000693833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a418701306fd35ef2023-02-07 15:10:38.595root 11241100x8000000000000000693832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f69fb450f757ccd2023-02-07 15:10:38.595root 11241100x8000000000000000693837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ac3fa774bb55662023-02-07 15:10:38.596root 11241100x8000000000000000693836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1471398bf87c67692023-02-07 15:10:38.596root 11241100x8000000000000000693835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28448272ea01e0962023-02-07 15:10:38.596root 11241100x8000000000000000693834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84be99fa679d0c332023-02-07 15:10:38.596root 11241100x8000000000000000693840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2614893b8356322023-02-07 15:10:38.597root 11241100x8000000000000000693839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4174a8de5816373e2023-02-07 15:10:38.597root 11241100x8000000000000000693838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf419e3de097c822023-02-07 15:10:38.597root 11241100x8000000000000000693845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2ba63d551bdb542023-02-07 15:10:38.598root 11241100x8000000000000000693844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da47098788fec6c32023-02-07 15:10:38.598root 11241100x8000000000000000693843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c214f0c954e5b962023-02-07 15:10:38.598root 11241100x8000000000000000693842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb15e7f7e44c0d622023-02-07 15:10:38.598root 11241100x8000000000000000693841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b18a0e1eaa1fe52023-02-07 15:10:38.598root 11241100x8000000000000000693849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e5c1b57814a11b2023-02-07 15:10:38.599root 11241100x8000000000000000693848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aaefa405d9179672023-02-07 15:10:38.599root 11241100x8000000000000000693847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b560bfffa856a312023-02-07 15:10:38.599root 11241100x8000000000000000693846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bab9bb040cbc7db2023-02-07 15:10:38.599root 11241100x8000000000000000693851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963be9e45cff9ef52023-02-07 15:10:38.600root 11241100x8000000000000000693850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7eec19b81224df42023-02-07 15:10:38.600root 11241100x8000000000000000693853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b380a1a0223cff8d2023-02-07 15:10:39.095root 11241100x8000000000000000693852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e695c9c92a9a93352023-02-07 15:10:39.095root 11241100x8000000000000000693856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cd0a26578665c42023-02-07 15:10:39.096root 11241100x8000000000000000693855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a674d1e43f20d02023-02-07 15:10:39.096root 11241100x8000000000000000693854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed9bd8ec74026862023-02-07 15:10:39.096root 11241100x8000000000000000693860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cc65a74492469a2023-02-07 15:10:39.097root 11241100x8000000000000000693859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234291cf50bb08972023-02-07 15:10:39.097root 11241100x8000000000000000693858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14304d1ffc69a4992023-02-07 15:10:39.097root 11241100x8000000000000000693857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cfce4deb1cafeb2023-02-07 15:10:39.097root 11241100x8000000000000000693864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44552dff4cec9a202023-02-07 15:10:39.098root 11241100x8000000000000000693863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62f9a9cfa319ac32023-02-07 15:10:39.098root 11241100x8000000000000000693862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b793389308e126672023-02-07 15:10:39.098root 11241100x8000000000000000693861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abc6668d7aeccfe2023-02-07 15:10:39.098root 11241100x8000000000000000693868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb404b7fefdf42f2023-02-07 15:10:39.099root 11241100x8000000000000000693867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3ff76042ce73492023-02-07 15:10:39.099root 11241100x8000000000000000693866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352fbf7d8f42ec5e2023-02-07 15:10:39.099root 11241100x8000000000000000693865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4898251cf185d9c02023-02-07 15:10:39.099root 11241100x8000000000000000693870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1901eca0ddddb202023-02-07 15:10:39.100root 11241100x8000000000000000693869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad130077b1d6d1c82023-02-07 15:10:39.100root 11241100x8000000000000000693872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c14b67e31897a12023-02-07 15:10:39.595root 11241100x8000000000000000693871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdec36ce7f99eea2023-02-07 15:10:39.595root 11241100x8000000000000000693875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7a2d05e43a30ef2023-02-07 15:10:39.596root 11241100x8000000000000000693874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d886580a96ede3422023-02-07 15:10:39.596root 11241100x8000000000000000693873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e0df6274297bc12023-02-07 15:10:39.596root 11241100x8000000000000000693879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbf3c03aee4a1b32023-02-07 15:10:39.597root 11241100x8000000000000000693878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6ce2cbddc207d92023-02-07 15:10:39.597root 11241100x8000000000000000693877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418e7b05540d4a5a2023-02-07 15:10:39.597root 11241100x8000000000000000693876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197b8faaabe39e022023-02-07 15:10:39.597root 11241100x8000000000000000693883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0c32f9666dcb992023-02-07 15:10:39.598root 11241100x8000000000000000693882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745a5514bab2fdc22023-02-07 15:10:39.598root 11241100x8000000000000000693881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7679db267d2720432023-02-07 15:10:39.598root 11241100x8000000000000000693880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246c35092a89d0792023-02-07 15:10:39.598root 11241100x8000000000000000693889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5587c30eed9f53602023-02-07 15:10:39.599root 11241100x8000000000000000693888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a2de0281a32cf92023-02-07 15:10:39.599root 11241100x8000000000000000693887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c7ce70decec1862023-02-07 15:10:39.599root 11241100x8000000000000000693886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d74326970d8d262023-02-07 15:10:39.599root 11241100x8000000000000000693885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a56cac007d9ec8e2023-02-07 15:10:39.599root 11241100x8000000000000000693884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754224e6456c34f42023-02-07 15:10:39.599root 11241100x8000000000000000693892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22344b804b10c53e2023-02-07 15:10:40.095root 11241100x8000000000000000693891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03bb209662a47772023-02-07 15:10:40.095root 11241100x8000000000000000693890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6e9b273ce0c79d2023-02-07 15:10:40.095root 11241100x8000000000000000693897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181e2ab6eca289752023-02-07 15:10:40.096root 11241100x8000000000000000693896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fc2d10354f53f82023-02-07 15:10:40.096root 11241100x8000000000000000693895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ba26b85c7472a82023-02-07 15:10:40.096root 11241100x8000000000000000693894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569bead1c1d6b8af2023-02-07 15:10:40.096root 11241100x8000000000000000693893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b3788d2f2d4f392023-02-07 15:10:40.096root 11241100x8000000000000000693901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c14b4f132b274302023-02-07 15:10:40.097root 11241100x8000000000000000693900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726d2bc367e6b0c12023-02-07 15:10:40.097root 11241100x8000000000000000693899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e4a1b81522d85f2023-02-07 15:10:40.097root 11241100x8000000000000000693898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4f798e18c5985d2023-02-07 15:10:40.097root 11241100x8000000000000000693905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65f4f8aca721b9b2023-02-07 15:10:40.098root 11241100x8000000000000000693904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9bea75dde441862023-02-07 15:10:40.098root 11241100x8000000000000000693903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0da32cda978d512023-02-07 15:10:40.098root 11241100x8000000000000000693902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b65355a88c9e2a62023-02-07 15:10:40.098root 11241100x8000000000000000693906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5a4b583f3d240a2023-02-07 15:10:40.099root 11241100x8000000000000000693908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d1f21e636073ba2023-02-07 15:10:40.100root 11241100x8000000000000000693907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e39ef2379bfc482023-02-07 15:10:40.100root 11241100x8000000000000000693911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e668e4f0c3b004a2023-02-07 15:10:40.595root 11241100x8000000000000000693910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390695464ad2cc002023-02-07 15:10:40.595root 11241100x8000000000000000693909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c31814e4e3b2f52023-02-07 15:10:40.595root 11241100x8000000000000000693915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27991593f3ba38c2023-02-07 15:10:40.596root 11241100x8000000000000000693914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e96e60b486394042023-02-07 15:10:40.596root 11241100x8000000000000000693913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e6c606efb37cc72023-02-07 15:10:40.596root 11241100x8000000000000000693912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2164967e4a5fbff92023-02-07 15:10:40.596root 11241100x8000000000000000693918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271ef0fa7ec0bafc2023-02-07 15:10:40.597root 11241100x8000000000000000693917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b7c082731d6b8e2023-02-07 15:10:40.597root 11241100x8000000000000000693916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fab73e49e475ae2023-02-07 15:10:40.597root 11241100x8000000000000000693923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33ff52adbf1a5c42023-02-07 15:10:40.598root 11241100x8000000000000000693922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b911d67762299fa2023-02-07 15:10:40.598root 11241100x8000000000000000693921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1922e6805e39241d2023-02-07 15:10:40.598root 11241100x8000000000000000693920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c038520ee696c3492023-02-07 15:10:40.598root 11241100x8000000000000000693919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9856ebae8dd1562023-02-07 15:10:40.598root 11241100x8000000000000000693927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c412eb9c2d12e8742023-02-07 15:10:40.599root 11241100x8000000000000000693926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910589d42cc09a1e2023-02-07 15:10:40.599root 11241100x8000000000000000693925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7eae8e6257443c2023-02-07 15:10:40.599root 11241100x8000000000000000693924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043bbac662753e172023-02-07 15:10:40.599root 354300x8000000000000000693928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.061{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-50894-false10.0.1.12-8000- 11241100x8000000000000000693935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fadbdd731d7e332023-02-07 15:10:41.062root 11241100x8000000000000000693934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5db1d5e21340ce2023-02-07 15:10:41.062root 11241100x8000000000000000693933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558c9ee5ea85adae2023-02-07 15:10:41.062root 11241100x8000000000000000693932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b479ee87f19553b02023-02-07 15:10:41.062root 11241100x8000000000000000693931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b332bf3a7eecd82023-02-07 15:10:41.062root 11241100x8000000000000000693930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0edbc44e54ad7b22023-02-07 15:10:41.062root 11241100x8000000000000000693929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628a195d94e77ce42023-02-07 15:10:41.062root 11241100x8000000000000000693939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2973fa356048a8bf2023-02-07 15:10:41.063root 11241100x8000000000000000693938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a87df775aad22172023-02-07 15:10:41.063root 11241100x8000000000000000693937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdb15324dd95f622023-02-07 15:10:41.063root 11241100x8000000000000000693936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4db142233247592023-02-07 15:10:41.063root 11241100x8000000000000000693952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339b4726cdad82f42023-02-07 15:10:41.064root 11241100x8000000000000000693951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d43dd133a0054582023-02-07 15:10:41.064root 11241100x8000000000000000693950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6036bfdb835fc6362023-02-07 15:10:41.064root 11241100x8000000000000000693949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2370cd6184ab21c2023-02-07 15:10:41.064root 11241100x8000000000000000693948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d134e494ae176e642023-02-07 15:10:41.064root 11241100x8000000000000000693947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349f4e2559beb1172023-02-07 15:10:41.064root 11241100x8000000000000000693946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59725acaddc8e3ad2023-02-07 15:10:41.064root 11241100x8000000000000000693945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc219a229c83c4612023-02-07 15:10:41.064root 11241100x8000000000000000693944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f95abe45ae01492023-02-07 15:10:41.064root 11241100x8000000000000000693943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b4f84166526e1e2023-02-07 15:10:41.064root 11241100x8000000000000000693942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c30f0da769e15b32023-02-07 15:10:41.064root 11241100x8000000000000000693941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce5d998dfab11c22023-02-07 15:10:41.064root 11241100x8000000000000000693940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0eaaee88a0411502023-02-07 15:10:41.064root 11241100x8000000000000000693956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff875c548793add2023-02-07 15:10:41.065root 11241100x8000000000000000693955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df8b310cde56f3a2023-02-07 15:10:41.065root 11241100x8000000000000000693954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929abcfc6702cca92023-02-07 15:10:41.065root 11241100x8000000000000000693953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a1526b7897560f2023-02-07 15:10:41.065root 11241100x8000000000000000693957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8422a8ee5fceb58f2023-02-07 15:10:41.345root 11241100x8000000000000000693967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a39b318e5a8ce772023-02-07 15:10:41.346root 11241100x8000000000000000693966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18954e3428b3d1c2023-02-07 15:10:41.346root 11241100x8000000000000000693965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f3cfc32e0fdc732023-02-07 15:10:41.346root 11241100x8000000000000000693964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82c72384bb38f372023-02-07 15:10:41.346root 11241100x8000000000000000693963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9e29ac7e930f582023-02-07 15:10:41.346root 11241100x8000000000000000693962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26851850ccd5a4152023-02-07 15:10:41.346root 11241100x8000000000000000693961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0605521194cd8a762023-02-07 15:10:41.346root 11241100x8000000000000000693960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aad94eb4ea3d0452023-02-07 15:10:41.346root 11241100x8000000000000000693959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c50fad650907b572023-02-07 15:10:41.346root 11241100x8000000000000000693958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6639f62e090a4c022023-02-07 15:10:41.346root 11241100x8000000000000000693974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bed75dfd857e1e2023-02-07 15:10:41.347root 11241100x8000000000000000693973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b231b9860427a79d2023-02-07 15:10:41.347root 11241100x8000000000000000693972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0996652227516092023-02-07 15:10:41.347root 11241100x8000000000000000693971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2668069715b22b92023-02-07 15:10:41.347root 11241100x8000000000000000693970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721f5044bc866e0b2023-02-07 15:10:41.347root 11241100x8000000000000000693969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc67620b73686e0f2023-02-07 15:10:41.347root 11241100x8000000000000000693968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9faf3ae8b281a1f62023-02-07 15:10:41.347root 11241100x8000000000000000693976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979c8d8e6044b06e2023-02-07 15:10:41.348root 11241100x8000000000000000693975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b384636e82d3d9a32023-02-07 15:10:41.348root 11241100x8000000000000000693978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d0c38142bbca012023-02-07 15:10:41.845root 11241100x8000000000000000693977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702d9a47665fd2242023-02-07 15:10:41.845root 11241100x8000000000000000693984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53c7b27d7289c402023-02-07 15:10:41.846root 11241100x8000000000000000693983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ab54e09c9c1c212023-02-07 15:10:41.846root 11241100x8000000000000000693982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccaaaa6f2532ef8a2023-02-07 15:10:41.846root 11241100x8000000000000000693981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb96c8af8f31c772023-02-07 15:10:41.846root 11241100x8000000000000000693980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ffc6598583b0ac2023-02-07 15:10:41.846root 11241100x8000000000000000693979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bf36a5f10db5f32023-02-07 15:10:41.846root 11241100x8000000000000000693991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d12f3565556fc32023-02-07 15:10:41.847root 11241100x8000000000000000693990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7b78831ac109a12023-02-07 15:10:41.847root 11241100x8000000000000000693989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4030602f3071982023-02-07 15:10:41.847root 11241100x8000000000000000693988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1b420d5ff6796a2023-02-07 15:10:41.847root 11241100x8000000000000000693987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0931c0d1fa7d750d2023-02-07 15:10:41.847root 11241100x8000000000000000693986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9fd0ce48c2dc5f2023-02-07 15:10:41.847root 11241100x8000000000000000693985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e8fed9e55160ec2023-02-07 15:10:41.847root 11241100x8000000000000000693998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a209ab51884eac32023-02-07 15:10:41.848root 11241100x8000000000000000693997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7a3a1ea97a07e52023-02-07 15:10:41.848root 11241100x8000000000000000693996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe014f15e14d70f2023-02-07 15:10:41.848root 11241100x8000000000000000693995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65def8e9b7970fc12023-02-07 15:10:41.848root 11241100x8000000000000000693994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e66baec6339be62023-02-07 15:10:41.848root 11241100x8000000000000000693993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7aaffe1823df082023-02-07 15:10:41.848root 11241100x8000000000000000693992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88427ec7dd0028d2023-02-07 15:10:41.848root 11241100x8000000000000000694002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e8830c6b939b9a2023-02-07 15:10:41.849root 11241100x8000000000000000694001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea21b3de40e9f8692023-02-07 15:10:41.849root 11241100x8000000000000000694000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fec694f60c49c92023-02-07 15:10:41.849root 11241100x8000000000000000693999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca20ee5d13c8e8c62023-02-07 15:10:41.849root 11241100x8000000000000000694009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16313a8b24300e032023-02-07 15:10:42.346root 11241100x8000000000000000694008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9df04ebfba6e502023-02-07 15:10:42.346root 11241100x8000000000000000694007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef5231383115d1d2023-02-07 15:10:42.346root 11241100x8000000000000000694006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c0b00f8653e0b52023-02-07 15:10:42.346root 11241100x8000000000000000694005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4557d181fcf6fcaf2023-02-07 15:10:42.346root 11241100x8000000000000000694004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ffa59a78c20ca12023-02-07 15:10:42.346root 11241100x8000000000000000694003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcb025c64f84df72023-02-07 15:10:42.346root 11241100x8000000000000000694018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da54e4040214ce062023-02-07 15:10:42.347root 11241100x8000000000000000694017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87995698d5ca7532023-02-07 15:10:42.347root 11241100x8000000000000000694016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe40a004a93cb2e2023-02-07 15:10:42.347root 11241100x8000000000000000694015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fda0825ec9fc402023-02-07 15:10:42.347root 11241100x8000000000000000694014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f33e2202484d9282023-02-07 15:10:42.347root 11241100x8000000000000000694013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abea12729f9809b52023-02-07 15:10:42.347root 11241100x8000000000000000694012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02057673f618194b2023-02-07 15:10:42.347root 11241100x8000000000000000694011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b0cc27abb8829b2023-02-07 15:10:42.347root 11241100x8000000000000000694010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070eb48a643148042023-02-07 15:10:42.347root 11241100x8000000000000000694022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33c2e098b1cf3e52023-02-07 15:10:42.348root 11241100x8000000000000000694021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7951cfa4168caadb2023-02-07 15:10:42.348root 11241100x8000000000000000694020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edb25cc28a2f0bb2023-02-07 15:10:42.348root 11241100x8000000000000000694019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315a1c599f08785c2023-02-07 15:10:42.348root 11241100x8000000000000000694023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46897915d25f39952023-02-07 15:10:42.845root 11241100x8000000000000000694029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd578af249ebf7a42023-02-07 15:10:42.846root 11241100x8000000000000000694028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e20345865a40d5f2023-02-07 15:10:42.846root 11241100x8000000000000000694027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cab20faa6161e262023-02-07 15:10:42.846root 11241100x8000000000000000694026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475f6af68c9766642023-02-07 15:10:42.846root 11241100x8000000000000000694025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3f19bed7d4bb902023-02-07 15:10:42.846root 11241100x8000000000000000694024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145f1af09a36c5b12023-02-07 15:10:42.846root 11241100x8000000000000000694036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbf8269bae5d34b2023-02-07 15:10:42.847root 11241100x8000000000000000694035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f367062052c0f4a2023-02-07 15:10:42.847root 11241100x8000000000000000694034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcdbdd2e3142fc72023-02-07 15:10:42.847root 11241100x8000000000000000694033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa96ee4d131173e2023-02-07 15:10:42.847root 11241100x8000000000000000694032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bc38add011346b2023-02-07 15:10:42.847root 11241100x8000000000000000694031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94c656f852e0c6f2023-02-07 15:10:42.847root 11241100x8000000000000000694030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d795a7a06d201c212023-02-07 15:10:42.847root 11241100x8000000000000000694042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71f2dd0ce5b4f8f2023-02-07 15:10:42.848root 11241100x8000000000000000694041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbff3147956c736d2023-02-07 15:10:42.848root 11241100x8000000000000000694040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc6a059fdce283c2023-02-07 15:10:42.848root 11241100x8000000000000000694039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd7420dd75c26972023-02-07 15:10:42.848root 11241100x8000000000000000694038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a5b12a7cdd0a2a2023-02-07 15:10:42.848root 11241100x8000000000000000694037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3dccf1af7d12f72023-02-07 15:10:42.848root 11241100x8000000000000000694043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfafd710b68915f2023-02-07 15:10:43.345root 11241100x8000000000000000694046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8847f1116dc8b8a02023-02-07 15:10:43.346root 11241100x8000000000000000694045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea32486d5cc4b8a02023-02-07 15:10:43.346root 11241100x8000000000000000694044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bd713d62cd1b882023-02-07 15:10:43.346root 11241100x8000000000000000694049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3ff6abd4c3be152023-02-07 15:10:43.347root 11241100x8000000000000000694048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d8c9482a092abe2023-02-07 15:10:43.347root 11241100x8000000000000000694047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b61c1882c8150b2023-02-07 15:10:43.347root 11241100x8000000000000000694051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae8093489f782792023-02-07 15:10:43.348root 11241100x8000000000000000694050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6d06d3ad76e70f2023-02-07 15:10:43.348root 11241100x8000000000000000694060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bcf88ee333a3402023-02-07 15:10:43.349root 11241100x8000000000000000694059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1d15bbcf4ed8f12023-02-07 15:10:43.349root 11241100x8000000000000000694058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62099d761f0c58722023-02-07 15:10:43.349root 11241100x8000000000000000694057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4369acb656c26b2023-02-07 15:10:43.349root 11241100x8000000000000000694056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbafe8e8e8b96e82023-02-07 15:10:43.349root 11241100x8000000000000000694055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1c5c650c8943242023-02-07 15:10:43.349root 11241100x8000000000000000694054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795bac820eb2bb452023-02-07 15:10:43.349root 11241100x8000000000000000694053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474e4b4f7d840f302023-02-07 15:10:43.349root 11241100x8000000000000000694052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2aea39762161462023-02-07 15:10:43.349root 11241100x8000000000000000694063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce33dafc00b2c742023-02-07 15:10:43.350root 11241100x8000000000000000694062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f9f310ba1c3b222023-02-07 15:10:43.350root 11241100x8000000000000000694061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a8612b56be6d9f2023-02-07 15:10:43.350root 11241100x8000000000000000694071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73d41b75eb728a72023-02-07 15:10:43.846root 11241100x8000000000000000694070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6357c9db881961c2023-02-07 15:10:43.846root 11241100x8000000000000000694069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298a807b851d42572023-02-07 15:10:43.846root 11241100x8000000000000000694068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9bdd0508f131022023-02-07 15:10:43.846root 11241100x8000000000000000694067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3d41d0e321b6f62023-02-07 15:10:43.846root 11241100x8000000000000000694066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bba41961e2d166b2023-02-07 15:10:43.846root 11241100x8000000000000000694065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3552b9ec41efc622023-02-07 15:10:43.846root 11241100x8000000000000000694064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b1de5eb29145f62023-02-07 15:10:43.846root 11241100x8000000000000000694076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0052dbd66c1e94472023-02-07 15:10:43.847root 11241100x8000000000000000694075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8592871a5c69436f2023-02-07 15:10:43.847root 11241100x8000000000000000694074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcfc5566c0f5ff12023-02-07 15:10:43.847root 11241100x8000000000000000694073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d7011705db7d0c2023-02-07 15:10:43.847root 11241100x8000000000000000694072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7effdc83d381e0a72023-02-07 15:10:43.847root 11241100x8000000000000000694080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765a922ca62e604a2023-02-07 15:10:43.848root 11241100x8000000000000000694079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23815cc765655ab32023-02-07 15:10:43.848root 11241100x8000000000000000694078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa9e3ecb77033442023-02-07 15:10:43.848root 11241100x8000000000000000694077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb91c12c6e34a30b2023-02-07 15:10:43.848root 11241100x8000000000000000694083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7281f01e1f22865a2023-02-07 15:10:43.849root 11241100x8000000000000000694082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88d7969a18f4e452023-02-07 15:10:43.849root 11241100x8000000000000000694081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bbd9f5e8dc92912023-02-07 15:10:43.849root 11241100x8000000000000000694084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902bb7edf681a9be2023-02-07 15:10:44.345root 11241100x8000000000000000694089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0116e114991f38be2023-02-07 15:10:44.346root 11241100x8000000000000000694088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58ed2a660f6e6562023-02-07 15:10:44.346root 11241100x8000000000000000694087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551a504d802643092023-02-07 15:10:44.346root 11241100x8000000000000000694086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a20d8fcdeee08532023-02-07 15:10:44.346root 11241100x8000000000000000694085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8416cd91f41cbbf2023-02-07 15:10:44.346root 11241100x8000000000000000694093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc3aa6b3c0c91d02023-02-07 15:10:44.347root 11241100x8000000000000000694092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2d2588f95d65e32023-02-07 15:10:44.347root 11241100x8000000000000000694091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7ab6055314dd5f2023-02-07 15:10:44.347root 11241100x8000000000000000694090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bf8e0806983df12023-02-07 15:10:44.347root 11241100x8000000000000000694095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4a3e2d21cabd912023-02-07 15:10:44.348root 11241100x8000000000000000694094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d60a538e4163d72023-02-07 15:10:44.348root 11241100x8000000000000000694099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4056e2100899d5e2023-02-07 15:10:44.349root 11241100x8000000000000000694098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84667876b74a92eb2023-02-07 15:10:44.349root 11241100x8000000000000000694097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794c6e84c89f82bc2023-02-07 15:10:44.349root 11241100x8000000000000000694096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f852073427ac49c42023-02-07 15:10:44.349root 11241100x8000000000000000694103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b155df4c5f23a762023-02-07 15:10:44.350root 11241100x8000000000000000694102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53028a834d47a7322023-02-07 15:10:44.350root 11241100x8000000000000000694101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612ddb84bcd463402023-02-07 15:10:44.350root 11241100x8000000000000000694100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e110bac12bd37e2023-02-07 15:10:44.350root 11241100x8000000000000000694112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45a07312f6265772023-02-07 15:10:44.846root 11241100x8000000000000000694111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5137e45ab54aa5592023-02-07 15:10:44.846root 11241100x8000000000000000694110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fce69b4b57cd072023-02-07 15:10:44.846root 11241100x8000000000000000694109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ad7561f658ff9c2023-02-07 15:10:44.846root 11241100x8000000000000000694108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79edf4b7d38479282023-02-07 15:10:44.846root 11241100x8000000000000000694107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ec82c2cd35672c2023-02-07 15:10:44.846root 11241100x8000000000000000694106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4486d9529f7d11e32023-02-07 15:10:44.846root 11241100x8000000000000000694105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce774cfeaf189e92023-02-07 15:10:44.846root 11241100x8000000000000000694104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769a2876ea0c79c52023-02-07 15:10:44.846root 11241100x8000000000000000694123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f145a8f35eb1cb2a2023-02-07 15:10:44.847root 11241100x8000000000000000694122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1357640d6a103ee92023-02-07 15:10:44.847root 11241100x8000000000000000694121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d77631dd47ea3812023-02-07 15:10:44.847root 11241100x8000000000000000694120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5903b4ced832b67d2023-02-07 15:10:44.847root 11241100x8000000000000000694119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86fa594fadddba72023-02-07 15:10:44.847root 11241100x8000000000000000694118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca46a017c8fbd6f12023-02-07 15:10:44.847root 11241100x8000000000000000694117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c27f8ff9f5634a2023-02-07 15:10:44.847root 11241100x8000000000000000694116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1616ebce2c73f6682023-02-07 15:10:44.847root 11241100x8000000000000000694115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f362e0eafb1ffdb2023-02-07 15:10:44.847root 11241100x8000000000000000694114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7ca7acb761ebd22023-02-07 15:10:44.847root 11241100x8000000000000000694113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae536e9f4e2c23a72023-02-07 15:10:44.847root 11241100x8000000000000000694133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e2cf32d912548e2023-02-07 15:10:45.346root 11241100x8000000000000000694132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17953fd9fdcc5da32023-02-07 15:10:45.346root 11241100x8000000000000000694131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719ac2be74f708402023-02-07 15:10:45.346root 11241100x8000000000000000694130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccdf9c3d929ed502023-02-07 15:10:45.346root 11241100x8000000000000000694129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683cff98438f5e5c2023-02-07 15:10:45.346root 11241100x8000000000000000694128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf97352b34eb9472023-02-07 15:10:45.346root 11241100x8000000000000000694127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3eabca3713e86652023-02-07 15:10:45.346root 11241100x8000000000000000694126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06f949099880ba62023-02-07 15:10:45.346root 11241100x8000000000000000694125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165152b979d228702023-02-07 15:10:45.346root 11241100x8000000000000000694124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d1079aa435fbf22023-02-07 15:10:45.346root 11241100x8000000000000000694143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b2529aef5cc9dd2023-02-07 15:10:45.347root 11241100x8000000000000000694142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c331736ea21287752023-02-07 15:10:45.347root 11241100x8000000000000000694141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476054586121cd112023-02-07 15:10:45.347root 11241100x8000000000000000694140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf2f6b84fe62c652023-02-07 15:10:45.347root 11241100x8000000000000000694139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28523df5a3c2e5b62023-02-07 15:10:45.347root 11241100x8000000000000000694138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b413fe3edf3dc4882023-02-07 15:10:45.347root 11241100x8000000000000000694137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ecfe798c4b24eb2023-02-07 15:10:45.347root 11241100x8000000000000000694136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001b63f0a51b55dc2023-02-07 15:10:45.347root 11241100x8000000000000000694135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41fb2acb071010b2023-02-07 15:10:45.347root 11241100x8000000000000000694134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba1529ed3b2991a2023-02-07 15:10:45.347root 11241100x8000000000000000694145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cf0edb4ae4a3fa2023-02-07 15:10:45.348root 11241100x8000000000000000694144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8209319b0edf252023-02-07 15:10:45.348root 11241100x8000000000000000694147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d500ab342788262023-02-07 15:10:45.845root 11241100x8000000000000000694146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b781b3c1825a512023-02-07 15:10:45.845root 11241100x8000000000000000694156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b75b77477173e6b2023-02-07 15:10:45.846root 11241100x8000000000000000694155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fba549f6759bddc2023-02-07 15:10:45.846root 11241100x8000000000000000694154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46913564572da542023-02-07 15:10:45.846root 11241100x8000000000000000694153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38410b92d2866f922023-02-07 15:10:45.846root 11241100x8000000000000000694152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a4e1d42979d9c22023-02-07 15:10:45.846root 11241100x8000000000000000694151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640c02696da29a2e2023-02-07 15:10:45.846root 11241100x8000000000000000694150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a589ce3e4770e3c2023-02-07 15:10:45.846root 11241100x8000000000000000694149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b644a72be5b23d2023-02-07 15:10:45.846root 11241100x8000000000000000694148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe68a16ea75fcfa2023-02-07 15:10:45.846root 11241100x8000000000000000694165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d562fbddb0cd4f2023-02-07 15:10:45.847root 11241100x8000000000000000694164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc5d6a7ce1cd3d82023-02-07 15:10:45.847root 11241100x8000000000000000694163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bc291c442c1d772023-02-07 15:10:45.847root 11241100x8000000000000000694162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0c19b26188ff3e2023-02-07 15:10:45.847root 11241100x8000000000000000694161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40df3dded3453d42023-02-07 15:10:45.847root 11241100x8000000000000000694160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d2087ca8ff20c72023-02-07 15:10:45.847root 11241100x8000000000000000694159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc4a42e574c9f282023-02-07 15:10:45.847root 11241100x8000000000000000694158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f3eebcf97e5e742023-02-07 15:10:45.847root 11241100x8000000000000000694157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55e528b2611de832023-02-07 15:10:45.847root 354300x8000000000000000694166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.246{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47886-false10.0.1.12-8000- 11241100x8000000000000000694171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cde88dceaaf35fa2023-02-07 15:10:46.247root 11241100x8000000000000000694170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ed607c204142642023-02-07 15:10:46.247root 11241100x8000000000000000694169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8455b9a037682e72023-02-07 15:10:46.247root 11241100x8000000000000000694168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf68ee4178c64242023-02-07 15:10:46.247root 11241100x8000000000000000694167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c1bb977f2a69b82023-02-07 15:10:46.247root 11241100x8000000000000000694181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222074b7c23599e72023-02-07 15:10:46.248root 11241100x8000000000000000694180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325f58967d1eca272023-02-07 15:10:46.248root 11241100x8000000000000000694179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98d3c7946bfc5ae2023-02-07 15:10:46.248root 11241100x8000000000000000694178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc355c5cdbc2487a2023-02-07 15:10:46.248root 11241100x8000000000000000694177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1d45e7d861b40c2023-02-07 15:10:46.248root 11241100x8000000000000000694176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c8b468d20757ef2023-02-07 15:10:46.248root 11241100x8000000000000000694175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3040e84e5068fd0f2023-02-07 15:10:46.248root 11241100x8000000000000000694174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628fabe366ce651a2023-02-07 15:10:46.248root 11241100x8000000000000000694173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a714dda11eb8e1872023-02-07 15:10:46.248root 11241100x8000000000000000694172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadf4fa0fdd1f6d02023-02-07 15:10:46.248root 11241100x8000000000000000694190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0649251960e9d3122023-02-07 15:10:46.249root 11241100x8000000000000000694189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f3838131e1b4e72023-02-07 15:10:46.249root 11241100x8000000000000000694188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c3bb2eea95ca322023-02-07 15:10:46.249root 11241100x8000000000000000694187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77dace4d94b33372023-02-07 15:10:46.249root 11241100x8000000000000000694186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a099ac6b0f9161152023-02-07 15:10:46.249root 11241100x8000000000000000694185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4137b5d7cdf1b0102023-02-07 15:10:46.249root 11241100x8000000000000000694184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e276fbb4b8e0a69e2023-02-07 15:10:46.249root 11241100x8000000000000000694183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10d91744472d6a92023-02-07 15:10:46.249root 11241100x8000000000000000694182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f72d557c16ade622023-02-07 15:10:46.249root 11241100x8000000000000000694193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893c3f0334dd79b12023-02-07 15:10:46.595root 11241100x8000000000000000694192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0cbc03788043c72023-02-07 15:10:46.595root 11241100x8000000000000000694191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9dc04e1d81b800a2023-02-07 15:10:46.595root 11241100x8000000000000000694201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f206490b82edff02023-02-07 15:10:46.596root 11241100x8000000000000000694200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a98bd7e9fd37f22023-02-07 15:10:46.596root 11241100x8000000000000000694199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53224e3b32bb58f2023-02-07 15:10:46.596root 11241100x8000000000000000694198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b0957fb6f270f82023-02-07 15:10:46.596root 11241100x8000000000000000694197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb59e15b978f4d52023-02-07 15:10:46.596root 11241100x8000000000000000694196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ec4bd449fb6deb2023-02-07 15:10:46.596root 11241100x8000000000000000694195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6e4e16abc4bc272023-02-07 15:10:46.596root 11241100x8000000000000000694194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955d8778bb6a50cb2023-02-07 15:10:46.596root 11241100x8000000000000000694212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b126741ab916a1882023-02-07 15:10:46.597root 11241100x8000000000000000694211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bb15fc2c711abb2023-02-07 15:10:46.597root 11241100x8000000000000000694210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6e133d8f72efcc2023-02-07 15:10:46.597root 11241100x8000000000000000694209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6831aae9dbfb64d2023-02-07 15:10:46.597root 11241100x8000000000000000694208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1874ae32eef94a2023-02-07 15:10:46.597root 11241100x8000000000000000694207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c99b1fa75005fde2023-02-07 15:10:46.597root 11241100x8000000000000000694206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc47c318846542cb2023-02-07 15:10:46.597root 11241100x8000000000000000694205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9730268363ca2cec2023-02-07 15:10:46.597root 11241100x8000000000000000694204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c863cc12d53e00d62023-02-07 15:10:46.597root 11241100x8000000000000000694203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62806f4797308c222023-02-07 15:10:46.597root 11241100x8000000000000000694202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f243a1db261d642023-02-07 15:10:46.597root 11241100x8000000000000000694217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb73d949431688d62023-02-07 15:10:47.095root 11241100x8000000000000000694216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbb73bba0a1de302023-02-07 15:10:47.095root 11241100x8000000000000000694215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66365f50421080a52023-02-07 15:10:47.095root 11241100x8000000000000000694214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1636dd4a867a5fa2023-02-07 15:10:47.095root 11241100x8000000000000000694213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12066771d5b870722023-02-07 15:10:47.095root 11241100x8000000000000000694224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d15a6a529fc8fbb2023-02-07 15:10:47.096root 11241100x8000000000000000694223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c5cd2ee83456a12023-02-07 15:10:47.096root 11241100x8000000000000000694222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2ebdb9e9c33e6f2023-02-07 15:10:47.096root 11241100x8000000000000000694221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44dacaaee695b4e02023-02-07 15:10:47.096root 11241100x8000000000000000694220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5368348bf65b952023-02-07 15:10:47.096root 11241100x8000000000000000694219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c891fa123cc1dbfd2023-02-07 15:10:47.096root 11241100x8000000000000000694218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09fabde26a511fa2023-02-07 15:10:47.096root 11241100x8000000000000000694232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9421ac3e9f95e9032023-02-07 15:10:47.097root 11241100x8000000000000000694231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caae56e7ec951e7a2023-02-07 15:10:47.097root 11241100x8000000000000000694230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9ebaaa95a6074e2023-02-07 15:10:47.097root 11241100x8000000000000000694229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3639cbf4f9f204102023-02-07 15:10:47.097root 11241100x8000000000000000694228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8e1e2ea0e6763c2023-02-07 15:10:47.097root 11241100x8000000000000000694227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d23e980244062e62023-02-07 15:10:47.097root 11241100x8000000000000000694226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b844084f1268b49f2023-02-07 15:10:47.097root 11241100x8000000000000000694225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df2040f72cb2eef2023-02-07 15:10:47.097root 11241100x8000000000000000694235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44ec35a52f839132023-02-07 15:10:47.098root 11241100x8000000000000000694234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085ef04ff17ac4622023-02-07 15:10:47.098root 11241100x8000000000000000694233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ce7833193a3ab02023-02-07 15:10:47.098root 11241100x8000000000000000694239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56efb023055fa4902023-02-07 15:10:47.595root 11241100x8000000000000000694238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562d1e715fd9e39c2023-02-07 15:10:47.595root 11241100x8000000000000000694237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01aeef9cbe6fddd2023-02-07 15:10:47.595root 11241100x8000000000000000694236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c260d97891eb25aa2023-02-07 15:10:47.595root 11241100x8000000000000000694246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d38c3a5620b2bec2023-02-07 15:10:47.596root 11241100x8000000000000000694245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf79d4a1b99f1ba2023-02-07 15:10:47.596root 11241100x8000000000000000694244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877fd07ac8b8f6762023-02-07 15:10:47.596root 11241100x8000000000000000694243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a59128c71e4c522023-02-07 15:10:47.596root 11241100x8000000000000000694242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2bccf4b8e02d072023-02-07 15:10:47.596root 11241100x8000000000000000694241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b11464ef9ce6072023-02-07 15:10:47.596root 11241100x8000000000000000694240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75429069a45204ba2023-02-07 15:10:47.596root 11241100x8000000000000000694251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e51de7af2ec2622023-02-07 15:10:47.597root 11241100x8000000000000000694250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab23950b9bb2d1392023-02-07 15:10:47.597root 11241100x8000000000000000694249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224c932506bba49f2023-02-07 15:10:47.597root 11241100x8000000000000000694248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ae5e9ea40555272023-02-07 15:10:47.597root 11241100x8000000000000000694247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c27f345950a3882023-02-07 15:10:47.597root 11241100x8000000000000000694257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2ef0b1cf73a0ee2023-02-07 15:10:47.598root 11241100x8000000000000000694256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91ed7bf3348287b2023-02-07 15:10:47.598root 11241100x8000000000000000694255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326ef81550a586302023-02-07 15:10:47.598root 11241100x8000000000000000694254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9ce448ae559a3c2023-02-07 15:10:47.598root 11241100x8000000000000000694253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e8ad221d744dd02023-02-07 15:10:47.598root 11241100x8000000000000000694252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c00083136a09b562023-02-07 15:10:47.598root 11241100x8000000000000000694258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0422d46cd614e52023-02-07 15:10:47.599root 11241100x8000000000000000694259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a993bafc451c628f2023-02-07 15:10:48.095root 11241100x8000000000000000694273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92679fb94c2889792023-02-07 15:10:48.096root 11241100x8000000000000000694272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89369dd6eb5e05952023-02-07 15:10:48.096root 11241100x8000000000000000694271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c029efffe056d712023-02-07 15:10:48.096root 11241100x8000000000000000694270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae133453dcafc76d2023-02-07 15:10:48.096root 11241100x8000000000000000694269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70e0d35a558dae62023-02-07 15:10:48.096root 11241100x8000000000000000694268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99f98fbbd1995ec2023-02-07 15:10:48.096root 11241100x8000000000000000694267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385a514cb3db9b942023-02-07 15:10:48.096root 11241100x8000000000000000694266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd87e35a6dca7fc2023-02-07 15:10:48.096root 11241100x8000000000000000694265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47f92d6bccc221c2023-02-07 15:10:48.096root 11241100x8000000000000000694264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8f17b39cfb13632023-02-07 15:10:48.096root 11241100x8000000000000000694263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e32e1e558ee0ff2023-02-07 15:10:48.096root 11241100x8000000000000000694262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ebfb5b57972a7b2023-02-07 15:10:48.096root 11241100x8000000000000000694261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692233c9b8315a982023-02-07 15:10:48.096root 11241100x8000000000000000694260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eec632a431aaf522023-02-07 15:10:48.096root 11241100x8000000000000000694280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64702233360d49702023-02-07 15:10:48.097root 11241100x8000000000000000694279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfef0acf20d6d692023-02-07 15:10:48.097root 11241100x8000000000000000694278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d99f284c1586b652023-02-07 15:10:48.097root 11241100x8000000000000000694277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b71134a2a9301c22023-02-07 15:10:48.097root 11241100x8000000000000000694276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9b7480555198922023-02-07 15:10:48.097root 11241100x8000000000000000694275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae2c63c18b0e9f92023-02-07 15:10:48.097root 11241100x8000000000000000694274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468f3d3af647f3ed2023-02-07 15:10:48.097root 11241100x8000000000000000694285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7ba520e996bf2b2023-02-07 15:10:48.595root 11241100x8000000000000000694284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692f9da674c12e232023-02-07 15:10:48.595root 11241100x8000000000000000694283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f37fe51e9fe97fc2023-02-07 15:10:48.595root 11241100x8000000000000000694282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7fa1e9e0a9c8282023-02-07 15:10:48.595root 11241100x8000000000000000694281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c745fb3cf5036a52023-02-07 15:10:48.595root 11241100x8000000000000000694295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79edfcd1c93a6f502023-02-07 15:10:48.596root 11241100x8000000000000000694294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c592c8038f40f51c2023-02-07 15:10:48.596root 11241100x8000000000000000694293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ddd1b9c21ae2f82023-02-07 15:10:48.596root 11241100x8000000000000000694292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8744aa2cea5ae5b22023-02-07 15:10:48.596root 11241100x8000000000000000694291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043a8748a98d97632023-02-07 15:10:48.596root 11241100x8000000000000000694290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5654187e618bd56d2023-02-07 15:10:48.596root 11241100x8000000000000000694289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0e623d3b8b72042023-02-07 15:10:48.596root 11241100x8000000000000000694288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459c882b864c3def2023-02-07 15:10:48.596root 11241100x8000000000000000694287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97266535f90f8e0a2023-02-07 15:10:48.596root 11241100x8000000000000000694286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3b82842a5505a02023-02-07 15:10:48.596root 11241100x8000000000000000694301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b4065b5d93f8602023-02-07 15:10:48.597root 11241100x8000000000000000694300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6e295636533d3a2023-02-07 15:10:48.597root 11241100x8000000000000000694299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab00c2c2cacad682023-02-07 15:10:48.597root 11241100x8000000000000000694298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d8f42f99fef0352023-02-07 15:10:48.597root 11241100x8000000000000000694297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeae7aad5a5411012023-02-07 15:10:48.597root 11241100x8000000000000000694296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a3c406ff8b42c02023-02-07 15:10:48.597root 11241100x8000000000000000694303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf5287047477d942023-02-07 15:10:48.598root 11241100x8000000000000000694302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7511370b54735f2023-02-07 15:10:48.598root 11241100x8000000000000000694307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699ec8bb761e12c92023-02-07 15:10:49.095root 11241100x8000000000000000694306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d5b2bca789563d2023-02-07 15:10:49.095root 11241100x8000000000000000694305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0331dbf358a84882023-02-07 15:10:49.095root 11241100x8000000000000000694304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074dbbd449c3d44c2023-02-07 15:10:49.095root 11241100x8000000000000000694312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41dcdf1ddfc6038a2023-02-07 15:10:49.096root 11241100x8000000000000000694311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1b75a8b7ff18ce2023-02-07 15:10:49.096root 11241100x8000000000000000694310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9f3b35ea50016c2023-02-07 15:10:49.096root 11241100x8000000000000000694309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fca48e9d8c96ec32023-02-07 15:10:49.096root 11241100x8000000000000000694308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632525c66cb862d52023-02-07 15:10:49.096root 11241100x8000000000000000694320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8e362cde1361c22023-02-07 15:10:49.097root 11241100x8000000000000000694319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ba4272571b67d02023-02-07 15:10:49.097root 11241100x8000000000000000694318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e168e6b0c4f8991b2023-02-07 15:10:49.097root 11241100x8000000000000000694317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833c1a56c6b9275c2023-02-07 15:10:49.097root 11241100x8000000000000000694316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac7115033a7aafb2023-02-07 15:10:49.097root 11241100x8000000000000000694315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71ad47087b14cd42023-02-07 15:10:49.097root 11241100x8000000000000000694314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15cd8bb60c31d172023-02-07 15:10:49.097root 11241100x8000000000000000694313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ffee19ea9b5d582023-02-07 15:10:49.097root 11241100x8000000000000000694327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3654db73d74c41122023-02-07 15:10:49.098root 11241100x8000000000000000694326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d1a6a2cb7028c12023-02-07 15:10:49.098root 11241100x8000000000000000694325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904a50ed2a8af5692023-02-07 15:10:49.098root 11241100x8000000000000000694324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6faa91dbb0f9492023-02-07 15:10:49.098root 11241100x8000000000000000694323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8949db5769b9122a2023-02-07 15:10:49.098root 11241100x8000000000000000694322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b47426bb15887692023-02-07 15:10:49.098root 11241100x8000000000000000694321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe46384862201fe2023-02-07 15:10:49.098root 11241100x8000000000000000694328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee9472d3eb820ff2023-02-07 15:10:49.099root 154100x8000000000000000694329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.132{ec244aba-69f9-63e2-6854-8dbd82550000}6102/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2393--- 534500x8000000000000000694330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.144{ec244aba-69f9-63e2-6854-8dbd82550000}6102/bin/psroot 11241100x8000000000000000694334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01268ef275136022023-02-07 15:10:49.595root 11241100x8000000000000000694333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177a42358ffc0eaf2023-02-07 15:10:49.595root 11241100x8000000000000000694332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a3cb703121f8592023-02-07 15:10:49.595root 11241100x8000000000000000694331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fddbbb34c4d4452023-02-07 15:10:49.595root 11241100x8000000000000000694341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a745084f99522262023-02-07 15:10:49.596root 11241100x8000000000000000694340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd35716b4e260e42023-02-07 15:10:49.596root 11241100x8000000000000000694339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df29b84bfecd3912023-02-07 15:10:49.596root 11241100x8000000000000000694338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac5edfa6e9d44322023-02-07 15:10:49.596root 11241100x8000000000000000694337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364562c2a2c89f402023-02-07 15:10:49.596root 11241100x8000000000000000694336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912bec8222fb5dc92023-02-07 15:10:49.596root 11241100x8000000000000000694335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf16adcf800ccfd2023-02-07 15:10:49.596root 11241100x8000000000000000694351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e218cc4ef1d4464d2023-02-07 15:10:49.597root 11241100x8000000000000000694350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f4f289f0a3554e2023-02-07 15:10:49.597root 11241100x8000000000000000694349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a685e3e845c8f92023-02-07 15:10:49.597root 11241100x8000000000000000694348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8805ec3da6705f32023-02-07 15:10:49.597root 11241100x8000000000000000694347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af787d35bcff6962023-02-07 15:10:49.597root 11241100x8000000000000000694346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da68563133123ae2023-02-07 15:10:49.597root 11241100x8000000000000000694345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7b52f7fb90a6472023-02-07 15:10:49.597root 11241100x8000000000000000694344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5f99e1916204b52023-02-07 15:10:49.597root 11241100x8000000000000000694343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cde71b88ea73e352023-02-07 15:10:49.597root 11241100x8000000000000000694342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c3a841d814bd6b2023-02-07 15:10:49.597root 11241100x8000000000000000694356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d309eb183e237b2023-02-07 15:10:49.598root 11241100x8000000000000000694355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07efdc17dec2a372023-02-07 15:10:49.598root 11241100x8000000000000000694354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7028847e45cadfbb2023-02-07 15:10:49.598root 11241100x8000000000000000694353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77bf3154927b91a2023-02-07 15:10:49.598root 11241100x8000000000000000694352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dc25d03098407c2023-02-07 15:10:49.598root 11241100x8000000000000000694361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c739a803c7243cc2023-02-07 15:10:50.095root 11241100x8000000000000000694360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea9a77466bc44912023-02-07 15:10:50.095root 11241100x8000000000000000694359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccb7f86be11b2a92023-02-07 15:10:50.095root 11241100x8000000000000000694358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7edce50428ff62c2023-02-07 15:10:50.095root 11241100x8000000000000000694357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497859ab356cf64e2023-02-07 15:10:50.095root 11241100x8000000000000000694370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e31fe1d87c8e4362023-02-07 15:10:50.096root 11241100x8000000000000000694369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f8bd0424d8fb1e2023-02-07 15:10:50.096root 11241100x8000000000000000694368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb533d312f7515582023-02-07 15:10:50.096root 11241100x8000000000000000694367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41471b7203c7d5a2023-02-07 15:10:50.096root 11241100x8000000000000000694366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7967c0a7e0a3998e2023-02-07 15:10:50.096root 11241100x8000000000000000694365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e94b84f85c2ed8a2023-02-07 15:10:50.096root 11241100x8000000000000000694364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e26cfb9a74d1d7b2023-02-07 15:10:50.096root 11241100x8000000000000000694363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ab8704dd2bc2ec2023-02-07 15:10:50.096root 11241100x8000000000000000694362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d85c4d315498152023-02-07 15:10:50.096root 11241100x8000000000000000694377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f3f8ba2852efcc2023-02-07 15:10:50.097root 11241100x8000000000000000694376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3287c609b6ad979b2023-02-07 15:10:50.097root 11241100x8000000000000000694375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f90f7d6a6d10c102023-02-07 15:10:50.097root 11241100x8000000000000000694374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b410aca9480da502023-02-07 15:10:50.097root 11241100x8000000000000000694373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d28e4806c8166c82023-02-07 15:10:50.097root 11241100x8000000000000000694372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56411540bb0b27c2023-02-07 15:10:50.097root 11241100x8000000000000000694371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7a10786c17c2552023-02-07 15:10:50.097root 11241100x8000000000000000694384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ee2d7e481005bc2023-02-07 15:10:50.098root 11241100x8000000000000000694383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d3c113cf934f432023-02-07 15:10:50.098root 11241100x8000000000000000694382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de02b8d385fb324c2023-02-07 15:10:50.098root 11241100x8000000000000000694381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea03db4c02f347e2023-02-07 15:10:50.098root 11241100x8000000000000000694380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f393dd5f53a48092023-02-07 15:10:50.098root 11241100x8000000000000000694379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b4870c0ff7ccf72023-02-07 15:10:50.098root 11241100x8000000000000000694378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0354a3966ff6ec902023-02-07 15:10:50.098root 11241100x8000000000000000694385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5246985cab3b84702023-02-07 15:10:50.099root 11241100x8000000000000000694389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e751158e6f4ccf02023-02-07 15:10:50.595root 11241100x8000000000000000694388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9ee05c2ca933f92023-02-07 15:10:50.595root 11241100x8000000000000000694387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ee48d5aaf5187d2023-02-07 15:10:50.595root 11241100x8000000000000000694386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47d2ac3776f9b6f2023-02-07 15:10:50.595root 11241100x8000000000000000694396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e725a4c4e3d9a0082023-02-07 15:10:50.596root 11241100x8000000000000000694395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27340318913bf0f82023-02-07 15:10:50.596root 11241100x8000000000000000694394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f9ab528402b2412023-02-07 15:10:50.596root 11241100x8000000000000000694393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a003d07ec4a6d7d2023-02-07 15:10:50.596root 11241100x8000000000000000694392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa04c80f1c27daf2023-02-07 15:10:50.596root 11241100x8000000000000000694391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee9ac472a2537622023-02-07 15:10:50.596root 11241100x8000000000000000694390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1b254c51a0c0a02023-02-07 15:10:50.596root 11241100x8000000000000000694403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bddaac941628382023-02-07 15:10:50.597root 11241100x8000000000000000694402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244a544b05133fd12023-02-07 15:10:50.597root 11241100x8000000000000000694401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63433891d8002f0b2023-02-07 15:10:50.597root 11241100x8000000000000000694400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ecb220588954402023-02-07 15:10:50.597root 11241100x8000000000000000694399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509f2d1a1d8dbc3b2023-02-07 15:10:50.597root 11241100x8000000000000000694398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ff55f7685e18ee2023-02-07 15:10:50.597root 11241100x8000000000000000694397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c705a9ab5b05442023-02-07 15:10:50.597root 11241100x8000000000000000694406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c4a598982159e82023-02-07 15:10:50.598root 11241100x8000000000000000694405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83800b08aebcb1232023-02-07 15:10:50.598root 11241100x8000000000000000694404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7206956d39ec1a2023-02-07 15:10:50.598root 11241100x8000000000000000694411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd3e162b9afaad52023-02-07 15:10:50.599root 11241100x8000000000000000694410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8454cd219e86eba2023-02-07 15:10:50.599root 11241100x8000000000000000694409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36f65c45accd7e72023-02-07 15:10:50.599root 11241100x8000000000000000694408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78afcbbdf503f26e2023-02-07 15:10:50.599root 11241100x8000000000000000694407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299a91497d92b5882023-02-07 15:10:50.599root 11241100x8000000000000000694416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f5dbe9ccaf89422023-02-07 15:10:51.095root 11241100x8000000000000000694415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d5288dac3a8ff72023-02-07 15:10:51.095root 11241100x8000000000000000694414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aebde7d6b343402023-02-07 15:10:51.095root 11241100x8000000000000000694413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3204e14beb7027972023-02-07 15:10:51.095root 11241100x8000000000000000694412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22501f45a2b0c722023-02-07 15:10:51.095root 11241100x8000000000000000694423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cac3b557a041202023-02-07 15:10:51.096root 11241100x8000000000000000694422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa123cd2c44391572023-02-07 15:10:51.096root 11241100x8000000000000000694421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a470e56f95db9d822023-02-07 15:10:51.096root 11241100x8000000000000000694420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d35bec47583c8372023-02-07 15:10:51.096root 11241100x8000000000000000694419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1292fa6e057823f42023-02-07 15:10:51.096root 11241100x8000000000000000694418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9613be456a7732802023-02-07 15:10:51.096root 11241100x8000000000000000694417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ca60c0faab00472023-02-07 15:10:51.096root 11241100x8000000000000000694430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59ce2a1ab0eeed42023-02-07 15:10:51.097root 11241100x8000000000000000694429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ecf13eb97fe1482023-02-07 15:10:51.097root 11241100x8000000000000000694428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4aad2c5c8b98ff2023-02-07 15:10:51.097root 11241100x8000000000000000694427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecaac13b108005202023-02-07 15:10:51.097root 11241100x8000000000000000694426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd2d236e1e305b92023-02-07 15:10:51.097root 11241100x8000000000000000694425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d95813a99bf3cd42023-02-07 15:10:51.097root 11241100x8000000000000000694424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a0f9928a13c6442023-02-07 15:10:51.097root 11241100x8000000000000000694436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e4f1889550f7872023-02-07 15:10:51.098root 11241100x8000000000000000694435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d77648779fdc9d82023-02-07 15:10:51.098root 11241100x8000000000000000694434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f98d50b501f9dc62023-02-07 15:10:51.098root 11241100x8000000000000000694433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cc9b1b8f97455d2023-02-07 15:10:51.098root 11241100x8000000000000000694432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c278e289d093bf2023-02-07 15:10:51.098root 11241100x8000000000000000694431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b22962bbeafd20c2023-02-07 15:10:51.098root 11241100x8000000000000000694437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ce36160bbf65962023-02-07 15:10:51.099root 11241100x8000000000000000694440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481ac12468da92922023-02-07 15:10:51.595root 11241100x8000000000000000694439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdddde6ce430a1a72023-02-07 15:10:51.595root 11241100x8000000000000000694438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb462c31c5543d362023-02-07 15:10:51.595root 11241100x8000000000000000694445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ccc6b04c4593482023-02-07 15:10:51.596root 11241100x8000000000000000694444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27405c37d678f5772023-02-07 15:10:51.596root 11241100x8000000000000000694443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64982c29d1641bd42023-02-07 15:10:51.596root 11241100x8000000000000000694442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab3f8c824540c0f2023-02-07 15:10:51.596root 11241100x8000000000000000694441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2af975b2bdfaab42023-02-07 15:10:51.596root 11241100x8000000000000000694455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25d00c81da7f0442023-02-07 15:10:51.597root 11241100x8000000000000000694454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6b06f92b09e9362023-02-07 15:10:51.597root 11241100x8000000000000000694453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73338714e8f96392023-02-07 15:10:51.597root 11241100x8000000000000000694452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfa76d4510ed0062023-02-07 15:10:51.597root 11241100x8000000000000000694451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a3e775220355af2023-02-07 15:10:51.597root 11241100x8000000000000000694450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8205616f823c67442023-02-07 15:10:51.597root 11241100x8000000000000000694449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8eac899656180372023-02-07 15:10:51.597root 11241100x8000000000000000694448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2776124535e4097c2023-02-07 15:10:51.597root 11241100x8000000000000000694447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2438af4120b91a82023-02-07 15:10:51.597root 11241100x8000000000000000694446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2802abbc65436332023-02-07 15:10:51.597root 11241100x8000000000000000694460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c992814d083e725d2023-02-07 15:10:51.598root 11241100x8000000000000000694459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac2a3854d89f3462023-02-07 15:10:51.598root 11241100x8000000000000000694458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6eb5e402d524272023-02-07 15:10:51.598root 11241100x8000000000000000694457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f8c79c6389fe1b2023-02-07 15:10:51.598root 11241100x8000000000000000694456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab4cc64d51bdddf2023-02-07 15:10:51.598root 11241100x8000000000000000694464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c55fb7b4d135a372023-02-07 15:10:51.599root 11241100x8000000000000000694463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e24f0ff943ae522023-02-07 15:10:51.599root 11241100x8000000000000000694462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5a1b009392da772023-02-07 15:10:51.599root 11241100x8000000000000000694461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864648ea449adbcd2023-02-07 15:10:51.599root 354300x8000000000000000694465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.049{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47890-false10.0.1.12-8000- 11241100x8000000000000000694469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb441022ca029cb2023-02-07 15:10:52.050root 11241100x8000000000000000694468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becaab0faa773fb52023-02-07 15:10:52.050root 11241100x8000000000000000694467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8c75306aa77b802023-02-07 15:10:52.050root 11241100x8000000000000000694466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ba6d06fef07ec32023-02-07 15:10:52.050root 11241100x8000000000000000694474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5578e30751a2dc5f2023-02-07 15:10:52.051root 11241100x8000000000000000694473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b5db9ec57158e52023-02-07 15:10:52.051root 11241100x8000000000000000694472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fb1034a1732d582023-02-07 15:10:52.051root 11241100x8000000000000000694471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780f045010cbb11b2023-02-07 15:10:52.051root 11241100x8000000000000000694470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad213f70460c2c62023-02-07 15:10:52.051root 11241100x8000000000000000694482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92a54b6a213398b2023-02-07 15:10:52.052root 11241100x8000000000000000694481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c324b49caeee9932023-02-07 15:10:52.052root 11241100x8000000000000000694480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2706a517bef9c1a12023-02-07 15:10:52.052root 11241100x8000000000000000694479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6125cf2b6d7fcc2023-02-07 15:10:52.052root 11241100x8000000000000000694478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0c18322b0f36fd2023-02-07 15:10:52.052root 11241100x8000000000000000694477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a55e1ce6eb95b2d2023-02-07 15:10:52.052root 11241100x8000000000000000694476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffffeb50ecff4d92023-02-07 15:10:52.052root 11241100x8000000000000000694475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd6d11dbb4c09f62023-02-07 15:10:52.052root 11241100x8000000000000000694489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd5f80ea028bf4a2023-02-07 15:10:52.053root 11241100x8000000000000000694488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11dd6f117ecf1452023-02-07 15:10:52.053root 11241100x8000000000000000694487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf86bfa6e33b99c02023-02-07 15:10:52.053root 11241100x8000000000000000694486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2d0c2b026bf8102023-02-07 15:10:52.053root 11241100x8000000000000000694485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d39c0ace72131e2023-02-07 15:10:52.053root 11241100x8000000000000000694484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d904c537b383a6152023-02-07 15:10:52.053root 11241100x8000000000000000694483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4529d9a8e5fa564a2023-02-07 15:10:52.053root 11241100x8000000000000000694493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c349746265061a2023-02-07 15:10:52.054root 11241100x8000000000000000694492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1242611246541cea2023-02-07 15:10:52.054root 11241100x8000000000000000694491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67314a947b3c8a1c2023-02-07 15:10:52.054root 11241100x8000000000000000694490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ebccdd34eb52342023-02-07 15:10:52.054root 11241100x8000000000000000694494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2e6c07e781480b2023-02-07 15:10:52.345root 11241100x8000000000000000694506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee67a6616624f1452023-02-07 15:10:52.346root 11241100x8000000000000000694505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9634c8c7c5c1a8b32023-02-07 15:10:52.346root 11241100x8000000000000000694504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b5600f86e531632023-02-07 15:10:52.346root 11241100x8000000000000000694503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0bb2f2d5e16b262023-02-07 15:10:52.346root 11241100x8000000000000000694502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbc8cbac68227a22023-02-07 15:10:52.346root 11241100x8000000000000000694501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d285cd33ac117512023-02-07 15:10:52.346root 11241100x8000000000000000694500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6842da0d886ebbde2023-02-07 15:10:52.346root 11241100x8000000000000000694499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfa7507b45868f12023-02-07 15:10:52.346root 11241100x8000000000000000694498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ce456e7f67424a2023-02-07 15:10:52.346root 11241100x8000000000000000694497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545d74f850c2e2992023-02-07 15:10:52.346root 11241100x8000000000000000694496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372aba42eacb1ba12023-02-07 15:10:52.346root 11241100x8000000000000000694495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc0426e651819e22023-02-07 15:10:52.346root 11241100x8000000000000000694517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcc690def62e1de2023-02-07 15:10:52.347root 11241100x8000000000000000694516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76afdb39f7d530d42023-02-07 15:10:52.347root 11241100x8000000000000000694515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea994bb5bae96bf2023-02-07 15:10:52.347root 11241100x8000000000000000694514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e10e958b46de7892023-02-07 15:10:52.347root 11241100x8000000000000000694513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc6823e2b744f4a2023-02-07 15:10:52.347root 11241100x8000000000000000694512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9847a7c23f886f2023-02-07 15:10:52.347root 11241100x8000000000000000694511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b806035363a8a82023-02-07 15:10:52.347root 11241100x8000000000000000694510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca313d74c7be2fd62023-02-07 15:10:52.347root 11241100x8000000000000000694509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6937d6ab3fb4a0382023-02-07 15:10:52.347root 11241100x8000000000000000694508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b01410546385ee2023-02-07 15:10:52.347root 11241100x8000000000000000694507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7973072d59b1b7262023-02-07 15:10:52.347root 11241100x8000000000000000694518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a89f63e91e120042023-02-07 15:10:52.845root 11241100x8000000000000000694532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92addfa907c4f372023-02-07 15:10:52.846root 11241100x8000000000000000694531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b327cebe0ac3ab3f2023-02-07 15:10:52.846root 11241100x8000000000000000694530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9349739cec9b7b52023-02-07 15:10:52.846root 11241100x8000000000000000694529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed29a3d4db039932023-02-07 15:10:52.846root 11241100x8000000000000000694528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afe2e928f1ccfd72023-02-07 15:10:52.846root 11241100x8000000000000000694527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae5dcf216cf559b2023-02-07 15:10:52.846root 11241100x8000000000000000694526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bf1a87db78be332023-02-07 15:10:52.846root 11241100x8000000000000000694525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3713bce8ccd040b2023-02-07 15:10:52.846root 11241100x8000000000000000694524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e52da756ce8d6942023-02-07 15:10:52.846root 11241100x8000000000000000694523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4587ba05275a972023-02-07 15:10:52.846root 11241100x8000000000000000694522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef2f7990edd33ad2023-02-07 15:10:52.846root 11241100x8000000000000000694521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c021786e1d5f1532023-02-07 15:10:52.846root 11241100x8000000000000000694520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c98c7886675d5382023-02-07 15:10:52.846root 11241100x8000000000000000694519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f140e8d6fa0e122023-02-07 15:10:52.846root 11241100x8000000000000000694541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83812d40a83e60712023-02-07 15:10:52.847root 11241100x8000000000000000694540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9238b612c9166f992023-02-07 15:10:52.847root 11241100x8000000000000000694539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03a5047b5a3f4912023-02-07 15:10:52.847root 11241100x8000000000000000694538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb828c78168106b92023-02-07 15:10:52.847root 11241100x8000000000000000694537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e244446c14737ab2023-02-07 15:10:52.847root 11241100x8000000000000000694536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ed1a6cd278bd662023-02-07 15:10:52.847root 11241100x8000000000000000694535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71bd94dedb310ce2023-02-07 15:10:52.847root 11241100x8000000000000000694534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cb70a32db384352023-02-07 15:10:52.847root 11241100x8000000000000000694533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffac9dc41c37c602023-02-07 15:10:52.847root 11241100x8000000000000000694542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f56604d8cb174912023-02-07 15:10:53.345root 11241100x8000000000000000694547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fab30a61fbde0d2023-02-07 15:10:53.346root 11241100x8000000000000000694546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f28c999ff168012023-02-07 15:10:53.346root 11241100x8000000000000000694545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1dfb2d4b8e1a0a42023-02-07 15:10:53.346root 11241100x8000000000000000694544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73904031b661e9f2023-02-07 15:10:53.346root 11241100x8000000000000000694543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcce48f8dba0e052023-02-07 15:10:53.346root 11241100x8000000000000000694561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df319a32759a85752023-02-07 15:10:53.347root 11241100x8000000000000000694560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069b31aae68e63c82023-02-07 15:10:53.347root 11241100x8000000000000000694559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dee070a5c6662e62023-02-07 15:10:53.347root 11241100x8000000000000000694558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80022c62121f9002023-02-07 15:10:53.347root 11241100x8000000000000000694557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e098d51ab6cc3222023-02-07 15:10:53.347root 11241100x8000000000000000694556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1022e4130dea95a02023-02-07 15:10:53.347root 11241100x8000000000000000694555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29e372955dde0d72023-02-07 15:10:53.347root 11241100x8000000000000000694554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7d47fd79b3fef12023-02-07 15:10:53.347root 11241100x8000000000000000694553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064206e68029dcaa2023-02-07 15:10:53.347root 11241100x8000000000000000694552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538ac385a4ca35a02023-02-07 15:10:53.347root 11241100x8000000000000000694551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a650f5a57de36af52023-02-07 15:10:53.347root 11241100x8000000000000000694550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adc90a2f2a416722023-02-07 15:10:53.347root 11241100x8000000000000000694549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a40989895a78cf42023-02-07 15:10:53.347root 11241100x8000000000000000694548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3307193bdf51172023-02-07 15:10:53.347root 11241100x8000000000000000694565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0639e66d5807e4b82023-02-07 15:10:53.348root 11241100x8000000000000000694564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591b00aefaaa1d392023-02-07 15:10:53.348root 11241100x8000000000000000694563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8c9dc5bf3c75f02023-02-07 15:10:53.348root 11241100x8000000000000000694562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eacfb85e05d0d6e2023-02-07 15:10:53.348root 11241100x8000000000000000694566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786adba6752fb28d2023-02-07 15:10:53.845root 11241100x8000000000000000694570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbe4cf789303fb92023-02-07 15:10:53.846root 11241100x8000000000000000694569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2508f377d69433072023-02-07 15:10:53.846root 11241100x8000000000000000694568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6a6e6b015a345a2023-02-07 15:10:53.846root 11241100x8000000000000000694567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b08bf0dd626841d2023-02-07 15:10:53.846root 11241100x8000000000000000694579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8f268d7bddeeb62023-02-07 15:10:53.847root 11241100x8000000000000000694578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549279fad580992e2023-02-07 15:10:53.847root 11241100x8000000000000000694577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ea7ee71079b5f72023-02-07 15:10:53.847root 11241100x8000000000000000694576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2110431ad991f62023-02-07 15:10:53.847root 11241100x8000000000000000694575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b20a008bfe822b12023-02-07 15:10:53.847root 11241100x8000000000000000694574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76defdadf0f1b0ba2023-02-07 15:10:53.847root 11241100x8000000000000000694573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2bed0ff88b76c12023-02-07 15:10:53.847root 11241100x8000000000000000694572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2661afdce7151112023-02-07 15:10:53.847root 11241100x8000000000000000694571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e6eb3c79626c0e2023-02-07 15:10:53.847root 11241100x8000000000000000694584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3808b55708f141f2023-02-07 15:10:53.848root 11241100x8000000000000000694583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f55b5fd49b85c482023-02-07 15:10:53.848root 11241100x8000000000000000694582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709051b1e19af66a2023-02-07 15:10:53.848root 11241100x8000000000000000694581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676a553d242e250f2023-02-07 15:10:53.848root 11241100x8000000000000000694580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfb44f48320261b2023-02-07 15:10:53.848root 11241100x8000000000000000694589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b564695347d5dc6a2023-02-07 15:10:53.849root 11241100x8000000000000000694588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e54218417fd45be2023-02-07 15:10:53.849root 11241100x8000000000000000694587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cc5f408236c1192023-02-07 15:10:53.849root 11241100x8000000000000000694586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3656c7553b0b2b162023-02-07 15:10:53.849root 11241100x8000000000000000694585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93eeacb55dd59d32023-02-07 15:10:53.849root 11241100x8000000000000000694596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a258fc5194dbe52023-02-07 15:10:54.346root 11241100x8000000000000000694595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d216c50ddb64e642023-02-07 15:10:54.346root 11241100x8000000000000000694594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7366a2db92e58142023-02-07 15:10:54.346root 11241100x8000000000000000694593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733ad99cf92a66c32023-02-07 15:10:54.346root 11241100x8000000000000000694592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c67e4223df87d32023-02-07 15:10:54.346root 11241100x8000000000000000694591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6470cc71158c752023-02-07 15:10:54.346root 11241100x8000000000000000694590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec690eaaae8b6d1d2023-02-07 15:10:54.346root 11241100x8000000000000000694604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a81d3bc574d0522023-02-07 15:10:54.347root 11241100x8000000000000000694603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fd95d4b4cd34ed2023-02-07 15:10:54.347root 11241100x8000000000000000694602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df61c159dc396882023-02-07 15:10:54.347root 11241100x8000000000000000694601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9202acb401ef4f2023-02-07 15:10:54.347root 11241100x8000000000000000694600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c26b13db5686ff72023-02-07 15:10:54.347root 11241100x8000000000000000694599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee07356df53624db2023-02-07 15:10:54.347root 11241100x8000000000000000694598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1504aa5456b555b92023-02-07 15:10:54.347root 11241100x8000000000000000694597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8664217ac11549502023-02-07 15:10:54.347root 11241100x8000000000000000694612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1fca74e70fdbd02023-02-07 15:10:54.348root 11241100x8000000000000000694611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5684a63769e8462023-02-07 15:10:54.348root 11241100x8000000000000000694610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e29c44ff668abf2023-02-07 15:10:54.348root 11241100x8000000000000000694609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481d36f1c0a58bb42023-02-07 15:10:54.348root 11241100x8000000000000000694608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ab834ae3678be82023-02-07 15:10:54.348root 11241100x8000000000000000694607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fa690e625333612023-02-07 15:10:54.348root 11241100x8000000000000000694606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9890a932b52898732023-02-07 15:10:54.348root 11241100x8000000000000000694605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144fa1d5e83d39d42023-02-07 15:10:54.348root 11241100x8000000000000000694613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e73565f1c6dfea62023-02-07 15:10:54.349root 11241100x8000000000000000694614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.731{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:10:54.731root 11241100x8000000000000000694616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3348bd34ff39b4712023-02-07 15:10:54.732root 11241100x8000000000000000694615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f510e28c2979c1332023-02-07 15:10:54.732root 11241100x8000000000000000694619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67ef476bb22615c2023-02-07 15:10:54.733root 11241100x8000000000000000694618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1758b55b4f5a5f302023-02-07 15:10:54.733root 11241100x8000000000000000694617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf01d4f1584ee2b2023-02-07 15:10:54.733root 11241100x8000000000000000694623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcba56560f6f12f22023-02-07 15:10:54.734root 11241100x8000000000000000694622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5a5219b6e407c92023-02-07 15:10:54.734root 11241100x8000000000000000694621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6fe11261acdfce2023-02-07 15:10:54.734root 11241100x8000000000000000694620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca8655607a273722023-02-07 15:10:54.734root 11241100x8000000000000000694627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d115e3c59f734292023-02-07 15:10:54.735root 11241100x8000000000000000694626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa81249a30c11452023-02-07 15:10:54.735root 11241100x8000000000000000694625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da7ae59988515782023-02-07 15:10:54.735root 11241100x8000000000000000694624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4761760b528f3bd92023-02-07 15:10:54.735root 11241100x8000000000000000694632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe09865ab599c2b2023-02-07 15:10:54.736root 11241100x8000000000000000694631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec1832e51ef402d2023-02-07 15:10:54.736root 11241100x8000000000000000694630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e773e272030e07682023-02-07 15:10:54.736root 11241100x8000000000000000694629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7aa5458990660e2023-02-07 15:10:54.736root 11241100x8000000000000000694628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276e311cd43cc5662023-02-07 15:10:54.736root 11241100x8000000000000000694636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6f17746ac7269d2023-02-07 15:10:54.737root 11241100x8000000000000000694635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c050ef3b300b89b2023-02-07 15:10:54.737root 11241100x8000000000000000694634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1acdb4f0905be22023-02-07 15:10:54.737root 11241100x8000000000000000694633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a937d6823f138072023-02-07 15:10:54.737root 11241100x8000000000000000694642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8ff56d0a51402f2023-02-07 15:10:54.739root 11241100x8000000000000000694641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3e72302f8693ad2023-02-07 15:10:54.739root 11241100x8000000000000000694640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ebf38885d185c92023-02-07 15:10:54.739root 11241100x8000000000000000694639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be77af677fcbe192023-02-07 15:10:54.739root 11241100x8000000000000000694638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1aa6ac4dd6dc8f2023-02-07 15:10:54.739root 11241100x8000000000000000694637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ba3359d743c56a2023-02-07 15:10:54.739root 11241100x8000000000000000694646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e104951d5f5b4a52023-02-07 15:10:55.095root 11241100x8000000000000000694645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5785a48b5dbf99ce2023-02-07 15:10:55.095root 11241100x8000000000000000694644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3e258e03ac32172023-02-07 15:10:55.095root 11241100x8000000000000000694643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aec7f6a8d010fb2023-02-07 15:10:55.095root 11241100x8000000000000000694656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4729cc3e7ea5f1c82023-02-07 15:10:55.096root 11241100x8000000000000000694655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd50ce9ff1cb36b2023-02-07 15:10:55.096root 11241100x8000000000000000694654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6f7b24cf0e7f4f2023-02-07 15:10:55.096root 11241100x8000000000000000694653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57981b7efcc87e192023-02-07 15:10:55.096root 11241100x8000000000000000694652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56c30b8479090702023-02-07 15:10:55.096root 11241100x8000000000000000694651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e6d9b4a8f004152023-02-07 15:10:55.096root 11241100x8000000000000000694650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222bc9f2e54182b22023-02-07 15:10:55.096root 11241100x8000000000000000694649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fef0585fbb40d602023-02-07 15:10:55.096root 11241100x8000000000000000694648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c397113f3c1f7eb2023-02-07 15:10:55.096root 11241100x8000000000000000694647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ab2cd6b6de6fdd2023-02-07 15:10:55.096root 11241100x8000000000000000694665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7840cb25a93a1d332023-02-07 15:10:55.097root 11241100x8000000000000000694664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c61638a12305922023-02-07 15:10:55.097root 11241100x8000000000000000694663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad281926baf6ddf52023-02-07 15:10:55.097root 11241100x8000000000000000694662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c2f071767027dc2023-02-07 15:10:55.097root 11241100x8000000000000000694661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d084464d3bc34aa2023-02-07 15:10:55.097root 11241100x8000000000000000694660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae5ef77522da2c72023-02-07 15:10:55.097root 11241100x8000000000000000694659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409114215ee2a0c92023-02-07 15:10:55.097root 11241100x8000000000000000694658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d00a5752e0dd442023-02-07 15:10:55.097root 11241100x8000000000000000694657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ab9796285bb92b2023-02-07 15:10:55.097root 11241100x8000000000000000694668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1276feaa802ac32023-02-07 15:10:55.098root 11241100x8000000000000000694667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e968f4570d6cc912023-02-07 15:10:55.098root 11241100x8000000000000000694666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d163b10faaba2cc2023-02-07 15:10:55.098root 11241100x8000000000000000694677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ddc022015de11c2023-02-07 15:10:55.596root 11241100x8000000000000000694676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0429c610955f61472023-02-07 15:10:55.596root 11241100x8000000000000000694675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e00a03e3503db12023-02-07 15:10:55.596root 11241100x8000000000000000694674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7270d6764ec52e62023-02-07 15:10:55.596root 11241100x8000000000000000694673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ccbf3ef7c95e542023-02-07 15:10:55.596root 11241100x8000000000000000694672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf2084de7cc92d62023-02-07 15:10:55.596root 11241100x8000000000000000694671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799984f220f141e12023-02-07 15:10:55.596root 11241100x8000000000000000694670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd7484f7a12422b2023-02-07 15:10:55.596root 11241100x8000000000000000694669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b2c905f09ddb812023-02-07 15:10:55.596root 11241100x8000000000000000694687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8feabfab0af5ee2023-02-07 15:10:55.597root 11241100x8000000000000000694686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9903d4b632a96ac22023-02-07 15:10:55.597root 11241100x8000000000000000694685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b6d8d5781779a52023-02-07 15:10:55.597root 11241100x8000000000000000694684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb0a4651eb9e4372023-02-07 15:10:55.597root 11241100x8000000000000000694683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61df9517d6f8daa2023-02-07 15:10:55.597root 11241100x8000000000000000694682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd85d41a930c9342023-02-07 15:10:55.597root 11241100x8000000000000000694681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391d6077304816fc2023-02-07 15:10:55.597root 11241100x8000000000000000694680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd5465d4ade82012023-02-07 15:10:55.597root 11241100x8000000000000000694679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4715615bb1bafc1a2023-02-07 15:10:55.597root 11241100x8000000000000000694678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6a56bed6b0a9cd2023-02-07 15:10:55.597root 11241100x8000000000000000694693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02599de465069e12023-02-07 15:10:55.598root 11241100x8000000000000000694692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c057e2f5951f2252023-02-07 15:10:55.598root 11241100x8000000000000000694691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579fc2373ba540a12023-02-07 15:10:55.598root 11241100x8000000000000000694690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c126a3d9bc0884512023-02-07 15:10:55.598root 11241100x8000000000000000694689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca24ac0ad02e1a842023-02-07 15:10:55.598root 11241100x8000000000000000694688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb6784d933d1a4c2023-02-07 15:10:55.598root 11241100x8000000000000000694697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13729d97fe6ef7e22023-02-07 15:10:56.095root 11241100x8000000000000000694696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7555c4fe031c3f2023-02-07 15:10:56.095root 11241100x8000000000000000694695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89f6aef698fbcbf2023-02-07 15:10:56.095root 11241100x8000000000000000694694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8846dcdb42192e2023-02-07 15:10:56.095root 11241100x8000000000000000694703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea306cc08ae97a032023-02-07 15:10:56.096root 11241100x8000000000000000694702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73704a7fe1f5b6b32023-02-07 15:10:56.096root 11241100x8000000000000000694701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f0573cfbdf39d22023-02-07 15:10:56.096root 11241100x8000000000000000694700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815e552f6d4da29e2023-02-07 15:10:56.096root 11241100x8000000000000000694699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf7e033d98f7f722023-02-07 15:10:56.096root 11241100x8000000000000000694698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf743c9b9d9c6972023-02-07 15:10:56.096root 11241100x8000000000000000694711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7408b5774b89d17c2023-02-07 15:10:56.097root 11241100x8000000000000000694710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9476d7f18d9255aa2023-02-07 15:10:56.097root 11241100x8000000000000000694709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d64740d8094ec5d2023-02-07 15:10:56.097root 11241100x8000000000000000694708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e711b33a8264209f2023-02-07 15:10:56.097root 11241100x8000000000000000694707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6691a648b522c8d22023-02-07 15:10:56.097root 11241100x8000000000000000694706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432169e6538925d72023-02-07 15:10:56.097root 11241100x8000000000000000694705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bb822b71ac33a32023-02-07 15:10:56.097root 11241100x8000000000000000694704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1395061bc26e329e2023-02-07 15:10:56.097root 11241100x8000000000000000694716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e187a105031f25592023-02-07 15:10:56.098root 11241100x8000000000000000694715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aafa9c5b71a73e62023-02-07 15:10:56.098root 11241100x8000000000000000694714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb39aa3d087f9fb2023-02-07 15:10:56.098root 11241100x8000000000000000694713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf687a9b6c7e2622023-02-07 15:10:56.098root 11241100x8000000000000000694712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd4a780e8b1b60b2023-02-07 15:10:56.098root 11241100x8000000000000000694719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcb5d8e98a71d322023-02-07 15:10:56.099root 11241100x8000000000000000694718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0590ff16617b0cb2023-02-07 15:10:56.099root 11241100x8000000000000000694717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2cecd13c1a79af2023-02-07 15:10:56.099root 11241100x8000000000000000694724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1be0e57b7910632023-02-07 15:10:56.595root 11241100x8000000000000000694723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5f46be7ff96b352023-02-07 15:10:56.595root 11241100x8000000000000000694722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366a3925cb49c9e42023-02-07 15:10:56.595root 11241100x8000000000000000694721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa45ebd899c2549a2023-02-07 15:10:56.595root 11241100x8000000000000000694720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9f4f62516f03bf2023-02-07 15:10:56.595root 11241100x8000000000000000694731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a2aa727581c92d2023-02-07 15:10:56.596root 11241100x8000000000000000694730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f524f91bd47693e32023-02-07 15:10:56.596root 11241100x8000000000000000694729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fa53dfab84184d2023-02-07 15:10:56.596root 11241100x8000000000000000694728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae72a0f4cd2b8a2a2023-02-07 15:10:56.596root 11241100x8000000000000000694727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed4f4cabfb883962023-02-07 15:10:56.596root 11241100x8000000000000000694726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba455387affdaf92023-02-07 15:10:56.596root 11241100x8000000000000000694725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a09c831fe37bc62023-02-07 15:10:56.596root 11241100x8000000000000000694741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410164e3a4296b362023-02-07 15:10:56.597root 11241100x8000000000000000694740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1c2b6d97c6a90b2023-02-07 15:10:56.597root 11241100x8000000000000000694739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24fa2c279539a852023-02-07 15:10:56.597root 11241100x8000000000000000694738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75a4e1f2983cab22023-02-07 15:10:56.597root 11241100x8000000000000000694737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371a971be3c50a512023-02-07 15:10:56.597root 11241100x8000000000000000694736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce4ab6acdb207b42023-02-07 15:10:56.597root 11241100x8000000000000000694735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1b94f844ca9a6b2023-02-07 15:10:56.597root 11241100x8000000000000000694734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d389663f1c7556e2023-02-07 15:10:56.597root 11241100x8000000000000000694733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63a1cdb211269482023-02-07 15:10:56.597root 11241100x8000000000000000694732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773383623a8518fb2023-02-07 15:10:56.597root 11241100x8000000000000000694745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19448caecd87420b2023-02-07 15:10:56.598root 11241100x8000000000000000694744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d43f19fbd1296ee2023-02-07 15:10:56.598root 11241100x8000000000000000694743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a52f46255014272023-02-07 15:10:56.598root 11241100x8000000000000000694742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578b5077c3c2162a2023-02-07 15:10:56.598root 11241100x8000000000000000694747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e56a4c726667b82023-02-07 15:10:56.599root 11241100x8000000000000000694746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8519b7b082afc5e52023-02-07 15:10:56.599root 11241100x8000000000000000694748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131cbe26305cfeba2023-02-07 15:10:56.604root 11241100x8000000000000000694750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eaa92e26e48fd2d2023-02-07 15:10:57.095root 11241100x8000000000000000694749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9f6509fca026a52023-02-07 15:10:57.095root 11241100x8000000000000000694756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f7d1127b8c89772023-02-07 15:10:57.096root 11241100x8000000000000000694755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b221f6cb94ff9a2023-02-07 15:10:57.096root 11241100x8000000000000000694754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f14375384fb45d2023-02-07 15:10:57.096root 11241100x8000000000000000694753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98889d8975434c92023-02-07 15:10:57.096root 11241100x8000000000000000694752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0e842b19fc950a2023-02-07 15:10:57.096root 11241100x8000000000000000694751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767536ffaed8fce12023-02-07 15:10:57.096root 11241100x8000000000000000694760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a03e91e71a234f92023-02-07 15:10:57.097root 11241100x8000000000000000694759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4b770a843cd3792023-02-07 15:10:57.097root 11241100x8000000000000000694758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954b639e5f0bfb9e2023-02-07 15:10:57.097root 11241100x8000000000000000694757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1347f32a9092902023-02-07 15:10:57.097root 11241100x8000000000000000694764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02eaa7d1b30f695c2023-02-07 15:10:57.098root 11241100x8000000000000000694763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dea202fb741b372023-02-07 15:10:57.098root 11241100x8000000000000000694762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594cbcfcbcfb217a2023-02-07 15:10:57.098root 11241100x8000000000000000694761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2316244c537288fa2023-02-07 15:10:57.098root 11241100x8000000000000000694769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f5876668f533292023-02-07 15:10:57.099root 11241100x8000000000000000694768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103d458d005d7cb52023-02-07 15:10:57.099root 11241100x8000000000000000694767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ab0330a7cf80df2023-02-07 15:10:57.099root 11241100x8000000000000000694766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657ee49370d172042023-02-07 15:10:57.099root 11241100x8000000000000000694765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc86a92e6dcf7e972023-02-07 15:10:57.099root 11241100x8000000000000000694773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe4056cebbef9e52023-02-07 15:10:57.100root 11241100x8000000000000000694772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0895785c9f0a74542023-02-07 15:10:57.100root 11241100x8000000000000000694771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d056234da984a6452023-02-07 15:10:57.100root 11241100x8000000000000000694770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d533d6baa42eb22023-02-07 15:10:57.100root 11241100x8000000000000000694774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59868073ab9e07e82023-02-07 15:10:57.101root 354300x8000000000000000694775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.182{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-44604-false10.0.1.12-8000- 11241100x8000000000000000694780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57df14c6d50d9cc02023-02-07 15:10:57.595root 11241100x8000000000000000694779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5027c1c6b2742a372023-02-07 15:10:57.595root 11241100x8000000000000000694778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d482b43c9935f402023-02-07 15:10:57.595root 11241100x8000000000000000694777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6696d29fabd02e2023-02-07 15:10:57.595root 11241100x8000000000000000694776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b7b5ef07350f0e2023-02-07 15:10:57.595root 11241100x8000000000000000694789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939749774958e5862023-02-07 15:10:57.596root 11241100x8000000000000000694788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718394fe64b243402023-02-07 15:10:57.596root 11241100x8000000000000000694787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a58426e23ac883f2023-02-07 15:10:57.596root 11241100x8000000000000000694786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1816fe57cf157c072023-02-07 15:10:57.596root 11241100x8000000000000000694785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4321f9974bcb72092023-02-07 15:10:57.596root 11241100x8000000000000000694784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b81eff0d31aa2a72023-02-07 15:10:57.596root 11241100x8000000000000000694783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897cef0e5d4250392023-02-07 15:10:57.596root 11241100x8000000000000000694782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bd1c3191ca9b062023-02-07 15:10:57.596root 11241100x8000000000000000694781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a5c6b7d06c67662023-02-07 15:10:57.596root 11241100x8000000000000000694798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba1dc2d5da4853f2023-02-07 15:10:57.597root 11241100x8000000000000000694797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5983f5a9e1752b422023-02-07 15:10:57.597root 11241100x8000000000000000694796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74823c0144910d882023-02-07 15:10:57.597root 11241100x8000000000000000694795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873e137102f8d3b32023-02-07 15:10:57.597root 11241100x8000000000000000694794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb6c6a2cae891e12023-02-07 15:10:57.597root 11241100x8000000000000000694793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2243740be74b78442023-02-07 15:10:57.597root 11241100x8000000000000000694792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2316786c4edecc622023-02-07 15:10:57.597root 11241100x8000000000000000694791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e91cd6b425e4882023-02-07 15:10:57.597root 11241100x8000000000000000694790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e277795b931eca9a2023-02-07 15:10:57.597root 11241100x8000000000000000694803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c197022e89a6792023-02-07 15:10:57.598root 11241100x8000000000000000694802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eac7cf8d03775b72023-02-07 15:10:57.598root 11241100x8000000000000000694801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a339d4b8238a5fe22023-02-07 15:10:57.598root 11241100x8000000000000000694800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8f3f08842de9d82023-02-07 15:10:57.598root 11241100x8000000000000000694799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0905f582bc43bdc2023-02-07 15:10:57.598root 11241100x8000000000000000694808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa11edb024a605142023-02-07 15:10:57.599root 11241100x8000000000000000694807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1193420ddbbfb7672023-02-07 15:10:57.599root 11241100x8000000000000000694806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b3f7e10f58c6c12023-02-07 15:10:57.599root 11241100x8000000000000000694805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa5b420a90c53702023-02-07 15:10:57.599root 11241100x8000000000000000694804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2dc63a192bfdc92023-02-07 15:10:57.599root 23542300x8000000000000000694809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.733{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000694811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e899cd24d43445ab2023-02-07 15:10:58.095root 11241100x8000000000000000694810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045e077d222ae82e2023-02-07 15:10:58.095root 11241100x8000000000000000694816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e6a913985b12c22023-02-07 15:10:58.096root 11241100x8000000000000000694815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a22db595974ed92023-02-07 15:10:58.096root 11241100x8000000000000000694814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414dfc18b96966b42023-02-07 15:10:58.096root 11241100x8000000000000000694813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3daea4bccaef1482023-02-07 15:10:58.096root 11241100x8000000000000000694812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ceda038780e8262023-02-07 15:10:58.096root 11241100x8000000000000000694820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92450d2368c147ab2023-02-07 15:10:58.097root 11241100x8000000000000000694819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dae7440e02cec672023-02-07 15:10:58.097root 11241100x8000000000000000694818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed9a3dd72e92eea2023-02-07 15:10:58.097root 11241100x8000000000000000694817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319b52a135b32a6f2023-02-07 15:10:58.097root 11241100x8000000000000000694824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a779067b35c805312023-02-07 15:10:58.098root 11241100x8000000000000000694823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf2c76766f803162023-02-07 15:10:58.098root 11241100x8000000000000000694822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce3f0918cc129d52023-02-07 15:10:58.098root 11241100x8000000000000000694821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c0717821e237592023-02-07 15:10:58.098root 11241100x8000000000000000694828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a7ec8be0988f7f2023-02-07 15:10:58.099root 11241100x8000000000000000694827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e27faa1ca933b0d2023-02-07 15:10:58.099root 11241100x8000000000000000694826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff48a69782ae5b612023-02-07 15:10:58.099root 11241100x8000000000000000694825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e49623b886b2682023-02-07 15:10:58.099root 11241100x8000000000000000694837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f426f9e0c3d1b22023-02-07 15:10:58.100root 11241100x8000000000000000694836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e623476e7c7cacee2023-02-07 15:10:58.100root 11241100x8000000000000000694835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1f313b8081ca0f2023-02-07 15:10:58.100root 11241100x8000000000000000694834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e31ebcc700444a2023-02-07 15:10:58.100root 11241100x8000000000000000694833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43df3a1d58c9ce72023-02-07 15:10:58.100root 11241100x8000000000000000694832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649150b62b5ff6a62023-02-07 15:10:58.100root 11241100x8000000000000000694831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5febb6980ab404f2023-02-07 15:10:58.100root 11241100x8000000000000000694830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e571bf0a62e49d612023-02-07 15:10:58.100root 11241100x8000000000000000694829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9708842b080ef052023-02-07 15:10:58.100root 11241100x8000000000000000694838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12de5bf19c7b8f322023-02-07 15:10:58.101root 11241100x8000000000000000694841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9a98e98dc342392023-02-07 15:10:58.596root 11241100x8000000000000000694840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24e5dd12e5b1d362023-02-07 15:10:58.596root 11241100x8000000000000000694839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf99e3c965af53e2023-02-07 15:10:58.596root 11241100x8000000000000000694846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f747f24b8ffe7aa2023-02-07 15:10:58.597root 11241100x8000000000000000694845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8700fe6c8e4ac80a2023-02-07 15:10:58.597root 11241100x8000000000000000694844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e45550eb81d5602023-02-07 15:10:58.597root 11241100x8000000000000000694843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ae88197a042b852023-02-07 15:10:58.597root 11241100x8000000000000000694842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adbd0aefdf790e22023-02-07 15:10:58.597root 11241100x8000000000000000694850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b5d1e83533028b2023-02-07 15:10:58.598root 11241100x8000000000000000694849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5c40de65da57672023-02-07 15:10:58.598root 11241100x8000000000000000694848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2677bf8125b392692023-02-07 15:10:58.598root 11241100x8000000000000000694847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7a2c759d3cee6e2023-02-07 15:10:58.598root 11241100x8000000000000000694854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f875318ef183fef2023-02-07 15:10:58.599root 11241100x8000000000000000694853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729950073ccd44ba2023-02-07 15:10:58.599root 11241100x8000000000000000694852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab545285a792708f2023-02-07 15:10:58.599root 11241100x8000000000000000694851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03055cf43f7f50272023-02-07 15:10:58.599root 11241100x8000000000000000694865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a3b6565390ab022023-02-07 15:10:58.600root 11241100x8000000000000000694864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23903112834bceef2023-02-07 15:10:58.600root 11241100x8000000000000000694863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decbc8920c56d6c52023-02-07 15:10:58.600root 11241100x8000000000000000694862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6133e40d84a02b8d2023-02-07 15:10:58.600root 11241100x8000000000000000694861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0cbeb9abdaf3592023-02-07 15:10:58.600root 11241100x8000000000000000694860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3905fcfabb05a4b02023-02-07 15:10:58.600root 11241100x8000000000000000694859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abb096a993fed702023-02-07 15:10:58.600root 11241100x8000000000000000694858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109bbc747fdd3f172023-02-07 15:10:58.600root 11241100x8000000000000000694857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b85a2b1c4aa79e2023-02-07 15:10:58.600root 11241100x8000000000000000694856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e8b58eadbf80ba2023-02-07 15:10:58.600root 11241100x8000000000000000694855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e427993f06f57c2023-02-07 15:10:58.600root 11241100x8000000000000000694867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efd3d031ae4d84d2023-02-07 15:10:59.095root 11241100x8000000000000000694866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af5193c1944ce982023-02-07 15:10:59.095root 11241100x8000000000000000694873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d394af653997c842023-02-07 15:10:59.096root 11241100x8000000000000000694872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba69a10da3843582023-02-07 15:10:59.096root 11241100x8000000000000000694871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a8e48cda82559a2023-02-07 15:10:59.096root 11241100x8000000000000000694870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25df9f9c3b831b072023-02-07 15:10:59.096root 11241100x8000000000000000694869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfda308c8e3ca3572023-02-07 15:10:59.096root 11241100x8000000000000000694868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1d2ba7acef7b2d2023-02-07 15:10:59.096root 11241100x8000000000000000694877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12b73673158bc9c2023-02-07 15:10:59.097root 11241100x8000000000000000694876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558d2aabb00a035f2023-02-07 15:10:59.097root 11241100x8000000000000000694875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850947254c17e8622023-02-07 15:10:59.097root 11241100x8000000000000000694874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e918c5679772996e2023-02-07 15:10:59.097root 11241100x8000000000000000694880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ef58763a721cd02023-02-07 15:10:59.098root 11241100x8000000000000000694879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43eba1937fe569ab2023-02-07 15:10:59.098root 11241100x8000000000000000694878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d968dcf6bc6e472023-02-07 15:10:59.098root 11241100x8000000000000000694884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028bfc6c21b9b22c2023-02-07 15:10:59.099root 11241100x8000000000000000694883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8638b83029baa352023-02-07 15:10:59.099root 11241100x8000000000000000694882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e273e428003efbe12023-02-07 15:10:59.099root 11241100x8000000000000000694881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eecaaf088488b462023-02-07 15:10:59.099root 11241100x8000000000000000694885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d57c43af4f7facf2023-02-07 15:10:59.100root 11241100x8000000000000000694887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefd0516451a8cfa2023-02-07 15:10:59.101root 11241100x8000000000000000694886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5ec9acd66673e82023-02-07 15:10:59.101root 11241100x8000000000000000694891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5818ecfcae2dedce2023-02-07 15:10:59.102root 11241100x8000000000000000694890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72253128228ae5702023-02-07 15:10:59.102root 11241100x8000000000000000694889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cf588dcf5094092023-02-07 15:10:59.102root 11241100x8000000000000000694888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151f023ddf29afae2023-02-07 15:10:59.102root 11241100x8000000000000000694892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1ed0c03e9dabaf2023-02-07 15:10:59.103root 11241100x8000000000000000694895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691a6a608e1318522023-02-07 15:10:59.104root 11241100x8000000000000000694894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafbc35b94b367502023-02-07 15:10:59.104root 11241100x8000000000000000694893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3972e98bfbc338df2023-02-07 15:10:59.104root 11241100x8000000000000000694898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c279dadd60390c522023-02-07 15:10:59.595root 11241100x8000000000000000694897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acfc3c2bc7592112023-02-07 15:10:59.595root 11241100x8000000000000000694896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4081750dd66840212023-02-07 15:10:59.595root 11241100x8000000000000000694903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1518e2bf146b60d12023-02-07 15:10:59.596root 11241100x8000000000000000694902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35c6fd690ac71e82023-02-07 15:10:59.596root 11241100x8000000000000000694901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff8a2c69b410a0f2023-02-07 15:10:59.596root 11241100x8000000000000000694900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e812ff0aa1e1b1962023-02-07 15:10:59.596root 11241100x8000000000000000694899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182f5e5ed23e08be2023-02-07 15:10:59.596root 11241100x8000000000000000694907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b175fcaf75d1fbc32023-02-07 15:10:59.597root 11241100x8000000000000000694906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495daddd00df6d6f2023-02-07 15:10:59.597root 11241100x8000000000000000694905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e06fb607270fd32023-02-07 15:10:59.597root 11241100x8000000000000000694904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04549567b85810b22023-02-07 15:10:59.597root 11241100x8000000000000000694913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b03f8063f6d36e02023-02-07 15:10:59.598root 11241100x8000000000000000694912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596859bce40a74e62023-02-07 15:10:59.598root 11241100x8000000000000000694911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86053d93ed1db3f2023-02-07 15:10:59.598root 11241100x8000000000000000694910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be3dac71bb849292023-02-07 15:10:59.598root 11241100x8000000000000000694909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35216e9f3bffb0212023-02-07 15:10:59.598root 11241100x8000000000000000694908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266f3d68ff3f112a2023-02-07 15:10:59.598root 11241100x8000000000000000694915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234e6497fa84b47d2023-02-07 15:10:59.599root 11241100x8000000000000000694914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06ef9f1c0104e3f2023-02-07 15:10:59.599root 11241100x8000000000000000694920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a3a57b5ea515762023-02-07 15:10:59.600root 11241100x8000000000000000694919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a4fdbe67b8ce7a2023-02-07 15:10:59.600root 11241100x8000000000000000694918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320c2be044075dcb2023-02-07 15:10:59.600root 11241100x8000000000000000694917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1585573131a9facd2023-02-07 15:10:59.600root 11241100x8000000000000000694916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9cdf31ff1f7aeb2023-02-07 15:10:59.600root 11241100x8000000000000000694925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761578b2273597132023-02-07 15:10:59.601root 11241100x8000000000000000694924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b37619b302fc4a2023-02-07 15:10:59.601root 11241100x8000000000000000694923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c3e95188065f8c2023-02-07 15:10:59.601root 11241100x8000000000000000694922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34004298b6c6a592023-02-07 15:10:59.601root 11241100x8000000000000000694921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd25e3249be9ed12023-02-07 15:10:59.601root 11241100x8000000000000000694927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ac7e6418a094da2023-02-07 15:11:00.095root 11241100x8000000000000000694926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9485f65852cab0a2023-02-07 15:11:00.095root 11241100x8000000000000000694933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4068379fed240fa2023-02-07 15:11:00.096root 11241100x8000000000000000694932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36926a61afd0477a2023-02-07 15:11:00.096root 11241100x8000000000000000694931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a99acc2adf63d32023-02-07 15:11:00.096root 11241100x8000000000000000694930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5c0e57cc3824772023-02-07 15:11:00.096root 11241100x8000000000000000694929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b8ade15ee7a4552023-02-07 15:11:00.096root 11241100x8000000000000000694928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be83397fe855c9b2023-02-07 15:11:00.096root 11241100x8000000000000000694939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa5b1c3aded3f8f2023-02-07 15:11:00.097root 11241100x8000000000000000694938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecbfe57d277ad7a2023-02-07 15:11:00.097root 11241100x8000000000000000694937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ec9e07350280152023-02-07 15:11:00.097root 11241100x8000000000000000694936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98573f2667cd8acf2023-02-07 15:11:00.097root 11241100x8000000000000000694935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e49ad51584f9812023-02-07 15:11:00.097root 11241100x8000000000000000694934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08da9009793364a72023-02-07 15:11:00.097root 11241100x8000000000000000694943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bc1799d908654c2023-02-07 15:11:00.098root 11241100x8000000000000000694942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdf527ca3fa378a2023-02-07 15:11:00.098root 11241100x8000000000000000694941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0e4d75dc58147c2023-02-07 15:11:00.098root 11241100x8000000000000000694940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1521f21d939d6d1c2023-02-07 15:11:00.098root 11241100x8000000000000000694948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fb89b45881929f2023-02-07 15:11:00.099root 11241100x8000000000000000694947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572ded18297ec1022023-02-07 15:11:00.099root 11241100x8000000000000000694946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1872dabc967f08fc2023-02-07 15:11:00.099root 11241100x8000000000000000694945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0756c5d3e7c64ab2023-02-07 15:11:00.099root 11241100x8000000000000000694944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b292f55cb62303d12023-02-07 15:11:00.099root 11241100x8000000000000000694952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f50cdc5a39f67672023-02-07 15:11:00.100root 11241100x8000000000000000694951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7aa601258019622023-02-07 15:11:00.100root 11241100x8000000000000000694950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0386224dd4012972023-02-07 15:11:00.100root 11241100x8000000000000000694949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22479b09f5fe5bc2023-02-07 15:11:00.100root 11241100x8000000000000000694954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132be86eee50c5a82023-02-07 15:11:00.101root 11241100x8000000000000000694953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c9b7b4e1afc0702023-02-07 15:11:00.101root 11241100x8000000000000000694956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4d9b001fef69f62023-02-07 15:11:00.595root 11241100x8000000000000000694955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e8ca405cb969532023-02-07 15:11:00.595root 11241100x8000000000000000694961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2936957977430c542023-02-07 15:11:00.596root 11241100x8000000000000000694960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4851d48450d78f2023-02-07 15:11:00.596root 11241100x8000000000000000694959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7716dd5a87078a482023-02-07 15:11:00.596root 11241100x8000000000000000694958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cedc4b4cd5a40e52023-02-07 15:11:00.596root 11241100x8000000000000000694957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f86468819c823f2023-02-07 15:11:00.596root 11241100x8000000000000000694966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0290df9219f0e27f2023-02-07 15:11:00.597root 11241100x8000000000000000694965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0199aca84b8866b52023-02-07 15:11:00.597root 11241100x8000000000000000694964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d76ea60ffc10ea42023-02-07 15:11:00.597root 11241100x8000000000000000694963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d838fb93ac682992023-02-07 15:11:00.597root 11241100x8000000000000000694962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea0fdc6429d4a632023-02-07 15:11:00.597root 11241100x8000000000000000694971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b9ba3c2e2152582023-02-07 15:11:00.598root 11241100x8000000000000000694970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2970f51726860a8c2023-02-07 15:11:00.598root 11241100x8000000000000000694969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ac922a94d42d622023-02-07 15:11:00.598root 11241100x8000000000000000694968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a73a2c5a0479d5d2023-02-07 15:11:00.598root 11241100x8000000000000000694967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c894335aa290c502023-02-07 15:11:00.598root 11241100x8000000000000000694974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afaadefbaf3dddce2023-02-07 15:11:00.599root 11241100x8000000000000000694973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00783e5e8e5dca912023-02-07 15:11:00.599root 11241100x8000000000000000694972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7fc95c2a7ba11b2023-02-07 15:11:00.599root 11241100x8000000000000000694979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d88312112951322023-02-07 15:11:00.600root 11241100x8000000000000000694978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a265a759c17860a2023-02-07 15:11:00.600root 11241100x8000000000000000694977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22b4d27d38ce4092023-02-07 15:11:00.600root 11241100x8000000000000000694976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fd08e6b566a3ac2023-02-07 15:11:00.600root 11241100x8000000000000000694975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186e881f54ffe9612023-02-07 15:11:00.600root 11241100x8000000000000000694982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8bbb157bf02ff72023-02-07 15:11:00.601root 11241100x8000000000000000694981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdd86af954cddac2023-02-07 15:11:00.601root 11241100x8000000000000000694980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f22a68ea086be692023-02-07 15:11:00.601root 11241100x8000000000000000694985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6665d21c66d56fd2023-02-07 15:11:00.602root 11241100x8000000000000000694984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d45cc2a728a8792023-02-07 15:11:00.602root 11241100x8000000000000000694983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db91ad086848d5462023-02-07 15:11:00.602root 11241100x8000000000000000694987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60745f39f9c37d772023-02-07 15:11:01.095root 11241100x8000000000000000694986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc3b7e695b1ec422023-02-07 15:11:01.095root 11241100x8000000000000000694992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec93d215df6aafe82023-02-07 15:11:01.096root 11241100x8000000000000000694991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57e3c2f8d36b52f2023-02-07 15:11:01.096root 11241100x8000000000000000694990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6528ca0623588b2023-02-07 15:11:01.096root 11241100x8000000000000000694989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948ec1159bd98cdb2023-02-07 15:11:01.096root 11241100x8000000000000000694988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a12e89698be28152023-02-07 15:11:01.096root 11241100x8000000000000000694995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d263afc9bd2883772023-02-07 15:11:01.097root 11241100x8000000000000000694994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3994f3fbddfe22e42023-02-07 15:11:01.097root 11241100x8000000000000000694993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4639aab3f04f07772023-02-07 15:11:01.097root 11241100x8000000000000000695000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590be56302879b492023-02-07 15:11:01.099root 11241100x8000000000000000694999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b078cf65ac6365a72023-02-07 15:11:01.099root 11241100x8000000000000000694998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a73300074b54c412023-02-07 15:11:01.099root 11241100x8000000000000000694997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff9d4102770d15c2023-02-07 15:11:01.099root 11241100x8000000000000000694996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d61cef76919e5522023-02-07 15:11:01.099root 11241100x8000000000000000695010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecd043330f32e832023-02-07 15:11:01.100root 11241100x8000000000000000695009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa1f140574ed73f2023-02-07 15:11:01.100root 11241100x8000000000000000695008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4280f4717352b192023-02-07 15:11:01.100root 11241100x8000000000000000695007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb782621489ada72023-02-07 15:11:01.100root 11241100x8000000000000000695006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a58c3988844b512023-02-07 15:11:01.100root 11241100x8000000000000000695005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a48ddd5bc1696d2023-02-07 15:11:01.100root 11241100x8000000000000000695004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc03850fa7166de2023-02-07 15:11:01.100root 11241100x8000000000000000695003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4adb857880a9102023-02-07 15:11:01.100root 11241100x8000000000000000695002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3b41f75bc3a1eb2023-02-07 15:11:01.100root 11241100x8000000000000000695001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffb5436d65619f22023-02-07 15:11:01.100root 11241100x8000000000000000695017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc51d51e833fa6b2023-02-07 15:11:01.101root 11241100x8000000000000000695016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba90248dedc07862023-02-07 15:11:01.101root 11241100x8000000000000000695015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e530bcefc9e85aa02023-02-07 15:11:01.101root 11241100x8000000000000000695014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12369a0b6feeb3ec2023-02-07 15:11:01.101root 11241100x8000000000000000695013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3c3885bb3fd0762023-02-07 15:11:01.101root 11241100x8000000000000000695012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeeae996b853a0632023-02-07 15:11:01.101root 11241100x8000000000000000695011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7b3f19534d60722023-02-07 15:11:01.101root 11241100x8000000000000000695025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e295253d75124ad2023-02-07 15:11:01.102root 11241100x8000000000000000695024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e03ba163d6493852023-02-07 15:11:01.102root 11241100x8000000000000000695023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdadd37a65fb6a652023-02-07 15:11:01.102root 11241100x8000000000000000695022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6942fba40a6e86582023-02-07 15:11:01.102root 11241100x8000000000000000695021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870a3de61340281e2023-02-07 15:11:01.102root 11241100x8000000000000000695020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900d956da049c02e2023-02-07 15:11:01.102root 11241100x8000000000000000695019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29861f14d1ae5642023-02-07 15:11:01.102root 11241100x8000000000000000695018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a7e1b607dc0a452023-02-07 15:11:01.102root 11241100x8000000000000000695026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3aef78414227942023-02-07 15:11:01.103root 11241100x8000000000000000695028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fc254422956e2e2023-02-07 15:11:01.595root 11241100x8000000000000000695027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb92224c8e140d692023-02-07 15:11:01.595root 11241100x8000000000000000695035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4885c32e529870ef2023-02-07 15:11:01.596root 11241100x8000000000000000695034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9313ae0018fbc9c2023-02-07 15:11:01.596root 11241100x8000000000000000695033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a63042530828372023-02-07 15:11:01.596root 11241100x8000000000000000695032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa6df34e42e98c72023-02-07 15:11:01.596root 11241100x8000000000000000695031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67284a77f56106882023-02-07 15:11:01.596root 11241100x8000000000000000695030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dda384f2ad50c6e2023-02-07 15:11:01.596root 11241100x8000000000000000695029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088f3a2820bc46e72023-02-07 15:11:01.596root 11241100x8000000000000000695041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8787030cd89866ce2023-02-07 15:11:01.597root 11241100x8000000000000000695040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68be8d36e8548ebd2023-02-07 15:11:01.597root 11241100x8000000000000000695039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489293e076579cd02023-02-07 15:11:01.597root 11241100x8000000000000000695038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6b15b692691bd72023-02-07 15:11:01.597root 11241100x8000000000000000695037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d17ae65fdd677832023-02-07 15:11:01.597root 11241100x8000000000000000695036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a022f096a801e7902023-02-07 15:11:01.597root 11241100x8000000000000000695048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c66150215f4dea2023-02-07 15:11:01.598root 11241100x8000000000000000695047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd99cd4c51ccd3a2023-02-07 15:11:01.598root 11241100x8000000000000000695046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7cedae1858d4792023-02-07 15:11:01.598root 11241100x8000000000000000695045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165ac8c91d726f852023-02-07 15:11:01.598root 11241100x8000000000000000695044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a667f0ad49167a2023-02-07 15:11:01.598root 11241100x8000000000000000695043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5992f57874ed242023-02-07 15:11:01.598root 11241100x8000000000000000695042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e23411bc6e09af2023-02-07 15:11:01.598root 11241100x8000000000000000695055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d3a3c61baa056b2023-02-07 15:11:01.599root 11241100x8000000000000000695054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c367fa38fb22cf9e2023-02-07 15:11:01.599root 11241100x8000000000000000695053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe49ebb4f1136912023-02-07 15:11:01.599root 11241100x8000000000000000695052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15f933d92f37cd82023-02-07 15:11:01.599root 11241100x8000000000000000695051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa38097dffdc30572023-02-07 15:11:01.599root 11241100x8000000000000000695050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bee4bcdf4a1d942023-02-07 15:11:01.599root 11241100x8000000000000000695049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea38755be0fa98e2023-02-07 15:11:01.599root 11241100x8000000000000000695057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e39abd36d96a9bb2023-02-07 15:11:01.600root 11241100x8000000000000000695056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebfafe6269375022023-02-07 15:11:01.600root 11241100x8000000000000000695061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d438671fd667422023-02-07 15:11:02.095root 11241100x8000000000000000695060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fd98d8cf59e39e2023-02-07 15:11:02.095root 11241100x8000000000000000695059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af628f2e0f79ee642023-02-07 15:11:02.095root 11241100x8000000000000000695058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592fdd54620808782023-02-07 15:11:02.095root 11241100x8000000000000000695067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20d827c660e6e612023-02-07 15:11:02.096root 11241100x8000000000000000695066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988358d2fcf1e4382023-02-07 15:11:02.096root 11241100x8000000000000000695065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700a413eca392a7c2023-02-07 15:11:02.096root 11241100x8000000000000000695064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59932f414a4cb2142023-02-07 15:11:02.096root 11241100x8000000000000000695063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db2238fc47eac522023-02-07 15:11:02.096root 11241100x8000000000000000695062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef74fb43e279187d2023-02-07 15:11:02.096root 11241100x8000000000000000695072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfae9b732b99605b2023-02-07 15:11:02.097root 11241100x8000000000000000695071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1463f1b257cb892023-02-07 15:11:02.097root 11241100x8000000000000000695070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cf1f42eee676e92023-02-07 15:11:02.097root 11241100x8000000000000000695069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbc7b4254f080d22023-02-07 15:11:02.097root 11241100x8000000000000000695068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afb19e4e4192c862023-02-07 15:11:02.097root 11241100x8000000000000000695082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa390ecfaf994e42023-02-07 15:11:02.098root 11241100x8000000000000000695081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98018428da23aba22023-02-07 15:11:02.098root 11241100x8000000000000000695080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6098eeab5cbe3a5b2023-02-07 15:11:02.098root 11241100x8000000000000000695079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5dbebffd7dd1dd2023-02-07 15:11:02.098root 11241100x8000000000000000695078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15edaf3ab494416b2023-02-07 15:11:02.098root 11241100x8000000000000000695077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da72c1ac70b504d32023-02-07 15:11:02.098root 11241100x8000000000000000695076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65433aa692559ef2023-02-07 15:11:02.098root 11241100x8000000000000000695075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575adbf5d365121d2023-02-07 15:11:02.098root 11241100x8000000000000000695074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfc8eaddea5e9572023-02-07 15:11:02.098root 11241100x8000000000000000695073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d197f28cdff85652023-02-07 15:11:02.098root 11241100x8000000000000000695086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b1be6c63dbbe072023-02-07 15:11:02.099root 11241100x8000000000000000695085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea909ec7e58b98f2023-02-07 15:11:02.099root 11241100x8000000000000000695084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d60f2e8b729b902023-02-07 15:11:02.099root 11241100x8000000000000000695083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ca215813fd00c12023-02-07 15:11:02.099root 11241100x8000000000000000695091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8f8b63586fbf212023-02-07 15:11:02.100root 11241100x8000000000000000695090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a9ed5212a0c9bb2023-02-07 15:11:02.100root 11241100x8000000000000000695089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77268a0029aeed92023-02-07 15:11:02.100root 11241100x8000000000000000695088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2587def1dd9276a82023-02-07 15:11:02.100root 11241100x8000000000000000695087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dffab8f6ac41462023-02-07 15:11:02.100root 11241100x8000000000000000695093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b972829891c9012023-02-07 15:11:02.595root 11241100x8000000000000000695092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c976fcf0a564d02023-02-07 15:11:02.595root 11241100x8000000000000000695097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61653bc4af5cc272023-02-07 15:11:02.596root 11241100x8000000000000000695096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa286ff38d732d42023-02-07 15:11:02.596root 11241100x8000000000000000695095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6f5a95b8c2e34b2023-02-07 15:11:02.596root 11241100x8000000000000000695094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168644c2d9703ea92023-02-07 15:11:02.596root 11241100x8000000000000000695103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bc65c28affc9f82023-02-07 15:11:02.597root 11241100x8000000000000000695102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03f85bbc43a8e102023-02-07 15:11:02.597root 11241100x8000000000000000695101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0527e54dbeb022e52023-02-07 15:11:02.597root 11241100x8000000000000000695100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682cb029f121f63e2023-02-07 15:11:02.597root 11241100x8000000000000000695099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127a784be09367672023-02-07 15:11:02.597root 11241100x8000000000000000695098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1812cbdab52e690a2023-02-07 15:11:02.597root 11241100x8000000000000000695110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb22862edb24da12023-02-07 15:11:02.598root 11241100x8000000000000000695109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63410d444cd062902023-02-07 15:11:02.598root 11241100x8000000000000000695108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ca8e984909f8fd2023-02-07 15:11:02.598root 11241100x8000000000000000695107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31b2530b149d8222023-02-07 15:11:02.598root 11241100x8000000000000000695106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a810ddd4cb5d3002023-02-07 15:11:02.598root 11241100x8000000000000000695105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbd8306416a71332023-02-07 15:11:02.598root 11241100x8000000000000000695104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72553a9b7a7a51c2023-02-07 15:11:02.598root 11241100x8000000000000000695118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94744ddbc711ac532023-02-07 15:11:02.599root 11241100x8000000000000000695117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f13fddbca6fb962023-02-07 15:11:02.599root 11241100x8000000000000000695116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5629d435e11c91ef2023-02-07 15:11:02.599root 11241100x8000000000000000695115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2b57c9921d7d062023-02-07 15:11:02.599root 11241100x8000000000000000695114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449e9e871d5a9f282023-02-07 15:11:02.599root 11241100x8000000000000000695113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a2667399e33dad2023-02-07 15:11:02.599root 11241100x8000000000000000695112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50254e7a63b983402023-02-07 15:11:02.599root 11241100x8000000000000000695111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac36789d983d3512023-02-07 15:11:02.599root 11241100x8000000000000000695124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108874e3c426effc2023-02-07 15:11:02.600root 11241100x8000000000000000695123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdf697079b7d2422023-02-07 15:11:02.600root 11241100x8000000000000000695122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d430fcfc75bb40002023-02-07 15:11:02.600root 11241100x8000000000000000695121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ab187a71ea485a2023-02-07 15:11:02.600root 11241100x8000000000000000695120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906a70e9f4c8aeac2023-02-07 15:11:02.600root 11241100x8000000000000000695119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9bfa287b87ce922023-02-07 15:11:02.600root 11241100x8000000000000000695129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753966e1f0b411e62023-02-07 15:11:03.095root 11241100x8000000000000000695128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1d40270c23e6c32023-02-07 15:11:03.095root 11241100x8000000000000000695127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f752910577c8cc2023-02-07 15:11:03.095root 11241100x8000000000000000695126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cd2839cd5941d62023-02-07 15:11:03.095root 11241100x8000000000000000695125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a14ba4e018420e22023-02-07 15:11:03.095root 11241100x8000000000000000695133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cedf2ed0b872ec2023-02-07 15:11:03.096root 11241100x8000000000000000695132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e033d6e8ca98f1d92023-02-07 15:11:03.096root 11241100x8000000000000000695131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5dbf692843d7372023-02-07 15:11:03.096root 11241100x8000000000000000695130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0580da72d5ef84b62023-02-07 15:11:03.096root 11241100x8000000000000000695137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5950791497445f2023-02-07 15:11:03.097root 11241100x8000000000000000695136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cc6674a04622602023-02-07 15:11:03.097root 11241100x8000000000000000695135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7806a6ac2e25b792023-02-07 15:11:03.097root 11241100x8000000000000000695134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd883cfd1f96e6632023-02-07 15:11:03.097root 11241100x8000000000000000695141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cb56024883a2002023-02-07 15:11:03.098root 11241100x8000000000000000695140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e91628098e25aa52023-02-07 15:11:03.098root 11241100x8000000000000000695139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4e906860110c672023-02-07 15:11:03.098root 11241100x8000000000000000695138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1312108c5fc578ec2023-02-07 15:11:03.098root 11241100x8000000000000000695145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42877ad7d5f9fb4b2023-02-07 15:11:03.099root 11241100x8000000000000000695144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b20dfda141da1e2023-02-07 15:11:03.099root 11241100x8000000000000000695143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb7f5260f71f1672023-02-07 15:11:03.099root 11241100x8000000000000000695142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20aaef6135b94ec12023-02-07 15:11:03.099root 11241100x8000000000000000695148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02becf45cfcd7df12023-02-07 15:11:03.100root 11241100x8000000000000000695147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2665a92df139552023-02-07 15:11:03.100root 11241100x8000000000000000695146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcc81f6925ee6b82023-02-07 15:11:03.100root 11241100x8000000000000000695150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bbdb7de5efe9632023-02-07 15:11:03.101root 11241100x8000000000000000695149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acae7550671581182023-02-07 15:11:03.101root 11241100x8000000000000000695152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922d9a751033bec92023-02-07 15:11:03.102root 11241100x8000000000000000695151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdc1f49a42ebfcc2023-02-07 15:11:03.102root 11241100x8000000000000000695155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e7dfe9ec1736d72023-02-07 15:11:03.103root 11241100x8000000000000000695154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8827d66c17d8b52023-02-07 15:11:03.103root 11241100x8000000000000000695153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfb90ec91b3de3e2023-02-07 15:11:03.103root 11241100x8000000000000000695157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520f1738429431112023-02-07 15:11:03.104root 11241100x8000000000000000695156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2d408468c438282023-02-07 15:11:03.104root 354300x8000000000000000695158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.146{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-44608-false10.0.1.12-8000- 11241100x8000000000000000695161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ae790ce82776c22023-02-07 15:11:03.595root 11241100x8000000000000000695160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b285a6f5f408e49f2023-02-07 15:11:03.595root 11241100x8000000000000000695159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5db0b8073cf5b932023-02-07 15:11:03.595root 11241100x8000000000000000695162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c640d88b46984992023-02-07 15:11:03.596root 11241100x8000000000000000695163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdedbb60e664c47a2023-02-07 15:11:03.599root 11241100x8000000000000000695170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6142a57ff12157242023-02-07 15:11:03.600root 11241100x8000000000000000695169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3400a33089509c102023-02-07 15:11:03.600root 11241100x8000000000000000695168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a050339eb0d5662023-02-07 15:11:03.600root 11241100x8000000000000000695167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0366b8fa53f779bc2023-02-07 15:11:03.600root 11241100x8000000000000000695166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7290783c00535cff2023-02-07 15:11:03.600root 11241100x8000000000000000695165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699be5e5ac784ac92023-02-07 15:11:03.600root 11241100x8000000000000000695164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1c84e54771c4ae2023-02-07 15:11:03.600root 11241100x8000000000000000695178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5428d42bb87f426f2023-02-07 15:11:03.601root 11241100x8000000000000000695177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b27688a4d284a132023-02-07 15:11:03.601root 11241100x8000000000000000695176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101fe5b90209a4b42023-02-07 15:11:03.601root 11241100x8000000000000000695175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2203e34cdfa2952023-02-07 15:11:03.601root 11241100x8000000000000000695174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a422d49f6eb996b2023-02-07 15:11:03.601root 11241100x8000000000000000695173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bf5b511999c54b2023-02-07 15:11:03.601root 11241100x8000000000000000695172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4333c0b162fdcd5d2023-02-07 15:11:03.601root 11241100x8000000000000000695171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0955f08bdb87182023-02-07 15:11:03.601root 11241100x8000000000000000695185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9567e868e61b84b92023-02-07 15:11:03.602root 11241100x8000000000000000695184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1af46a5942858102023-02-07 15:11:03.602root 11241100x8000000000000000695183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5263c53236f53372023-02-07 15:11:03.602root 11241100x8000000000000000695182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b3d395555c2b8e2023-02-07 15:11:03.602root 11241100x8000000000000000695181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa429317d055c3352023-02-07 15:11:03.602root 11241100x8000000000000000695180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408850066fc300542023-02-07 15:11:03.602root 11241100x8000000000000000695179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c053adea7d9c0b52023-02-07 15:11:03.602root 11241100x8000000000000000695189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bf47ba1a51f29c2023-02-07 15:11:03.603root 11241100x8000000000000000695188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3349f63075c52ea82023-02-07 15:11:03.603root 11241100x8000000000000000695187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd61fa2f127b7e62023-02-07 15:11:03.603root 11241100x8000000000000000695186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf5acb6c6db571e2023-02-07 15:11:03.603root 11241100x8000000000000000695193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4e4d23c1db33bc2023-02-07 15:11:04.095root 11241100x8000000000000000695192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc67e9dd9fb03932023-02-07 15:11:04.095root 11241100x8000000000000000695191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9320c0c7fe4209f62023-02-07 15:11:04.095root 11241100x8000000000000000695190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2685ac17cc2b00482023-02-07 15:11:04.095root 11241100x8000000000000000695203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a673abe34c32a9d2023-02-07 15:11:04.096root 11241100x8000000000000000695202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e484d05da3f48182023-02-07 15:11:04.096root 11241100x8000000000000000695201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3e630449c4ad042023-02-07 15:11:04.096root 11241100x8000000000000000695200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b798cc27d6f4a7b2023-02-07 15:11:04.096root 11241100x8000000000000000695199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c9b7a07dcf41f42023-02-07 15:11:04.096root 11241100x8000000000000000695198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e19c1b0604d79362023-02-07 15:11:04.096root 11241100x8000000000000000695197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54498dcc7c195ce2023-02-07 15:11:04.096root 11241100x8000000000000000695196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4506ab64b4d187f62023-02-07 15:11:04.096root 11241100x8000000000000000695195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c00a455ac397a232023-02-07 15:11:04.096root 11241100x8000000000000000695194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6bf6a4eafcc6d12023-02-07 15:11:04.096root 11241100x8000000000000000695207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a481c9c5f957842023-02-07 15:11:04.097root 11241100x8000000000000000695206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045192767335ebc52023-02-07 15:11:04.097root 11241100x8000000000000000695205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b46e457ba66099f2023-02-07 15:11:04.097root 11241100x8000000000000000695204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fffd2567641865d2023-02-07 15:11:04.097root 11241100x8000000000000000695211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc768913c9cba9d2023-02-07 15:11:04.098root 11241100x8000000000000000695210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1d91b26f0842012023-02-07 15:11:04.098root 11241100x8000000000000000695209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960a37921b8ccaba2023-02-07 15:11:04.098root 11241100x8000000000000000695208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e7a48da79320ce2023-02-07 15:11:04.098root 11241100x8000000000000000695217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c74551e57ee426e2023-02-07 15:11:04.099root 11241100x8000000000000000695216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27d6c32d275ce9f2023-02-07 15:11:04.099root 11241100x8000000000000000695215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a545a72ea1f3152023-02-07 15:11:04.099root 11241100x8000000000000000695214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff72f8f2441a19772023-02-07 15:11:04.099root 11241100x8000000000000000695213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca07e5be18e2f992023-02-07 15:11:04.099root 11241100x8000000000000000695212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47196244611fb9a62023-02-07 15:11:04.099root 11241100x8000000000000000695230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b13e9adf2aa52e2023-02-07 15:11:04.100root 11241100x8000000000000000695229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e382b3c8a4970b4e2023-02-07 15:11:04.100root 11241100x8000000000000000695228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5408db67f3764d1c2023-02-07 15:11:04.100root 11241100x8000000000000000695227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0636a67a1ee81252023-02-07 15:11:04.100root 11241100x8000000000000000695226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1396f50db2bafe82023-02-07 15:11:04.100root 11241100x8000000000000000695225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ee072d3fe529c52023-02-07 15:11:04.100root 11241100x8000000000000000695224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29212a7d02e304c42023-02-07 15:11:04.100root 11241100x8000000000000000695223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826568917cccffe02023-02-07 15:11:04.100root 11241100x8000000000000000695222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deba32843d5ff7552023-02-07 15:11:04.100root 11241100x8000000000000000695221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec620fd023dcad3b2023-02-07 15:11:04.100root 11241100x8000000000000000695220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d18056e6099c062023-02-07 15:11:04.100root 11241100x8000000000000000695219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b998cfe11937442023-02-07 15:11:04.100root 11241100x8000000000000000695218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0839a4fb0aa4fe052023-02-07 15:11:04.100root 11241100x8000000000000000695234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659bda6c71d6a7d72023-02-07 15:11:04.595root 11241100x8000000000000000695233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277a3091f39c98c82023-02-07 15:11:04.595root 11241100x8000000000000000695232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1da9bcba9cb63092023-02-07 15:11:04.595root 11241100x8000000000000000695231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fc200ddd46061f2023-02-07 15:11:04.595root 11241100x8000000000000000695242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0b715ed5dae8ba2023-02-07 15:11:04.596root 11241100x8000000000000000695241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01052a01bb8623d2023-02-07 15:11:04.596root 11241100x8000000000000000695240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6734e2142b07c5ac2023-02-07 15:11:04.596root 11241100x8000000000000000695239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35228965c814d4b52023-02-07 15:11:04.596root 11241100x8000000000000000695238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad225ff500891f72023-02-07 15:11:04.596root 11241100x8000000000000000695237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535656e2837189c62023-02-07 15:11:04.596root 11241100x8000000000000000695236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235dccd39f455d412023-02-07 15:11:04.596root 11241100x8000000000000000695235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167c300bb8e1312f2023-02-07 15:11:04.596root 11241100x8000000000000000695248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88371275cbb537322023-02-07 15:11:04.597root 11241100x8000000000000000695247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8d549832b5049f2023-02-07 15:11:04.597root 11241100x8000000000000000695246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d15fd549e71a3e2023-02-07 15:11:04.597root 11241100x8000000000000000695245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb7339100b058802023-02-07 15:11:04.597root 11241100x8000000000000000695244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafc0f8de106326b2023-02-07 15:11:04.597root 11241100x8000000000000000695243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95dd24719e376ddd2023-02-07 15:11:04.597root 11241100x8000000000000000695251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc52d4b7c7f9f472023-02-07 15:11:04.598root 11241100x8000000000000000695250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caea0f1bad02a04f2023-02-07 15:11:04.598root 11241100x8000000000000000695249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d1a634e060a1282023-02-07 15:11:04.598root 11241100x8000000000000000695254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d7ca6a9517fc7d2023-02-07 15:11:04.602root 11241100x8000000000000000695253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcb5f450867fa682023-02-07 15:11:04.602root 11241100x8000000000000000695252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3558fcae143b6fd92023-02-07 15:11:04.602root 11241100x8000000000000000695258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e3d46b6fb5e9b72023-02-07 15:11:04.603root 11241100x8000000000000000695257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84384cb241bc52b32023-02-07 15:11:04.603root 11241100x8000000000000000695256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf5227f6cde6e032023-02-07 15:11:04.603root 11241100x8000000000000000695255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332ee363ce0ef1982023-02-07 15:11:04.603root 11241100x8000000000000000695264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e158c24c2d02458b2023-02-07 15:11:04.604root 11241100x8000000000000000695263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc443ff3fcf136e2023-02-07 15:11:04.604root 11241100x8000000000000000695262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5625d3f6d80841b2023-02-07 15:11:04.604root 11241100x8000000000000000695261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07095dde15ca1dd2023-02-07 15:11:04.604root 11241100x8000000000000000695260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c1774ef1cadbed2023-02-07 15:11:04.604root 11241100x8000000000000000695259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793ecb7c72bde70d2023-02-07 15:11:04.604root 11241100x8000000000000000695265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e648935bb755962023-02-07 15:11:04.605root 11241100x8000000000000000695267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe0fbb72c9899152023-02-07 15:11:05.095root 11241100x8000000000000000695266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d3a18eda88b1b72023-02-07 15:11:05.095root 11241100x8000000000000000695270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aef4b7e4495d4902023-02-07 15:11:05.096root 11241100x8000000000000000695269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcfd50a16fff5372023-02-07 15:11:05.096root 11241100x8000000000000000695268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7cf9eadabc3d072023-02-07 15:11:05.096root 11241100x8000000000000000695273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543e34093768815a2023-02-07 15:11:05.097root 11241100x8000000000000000695272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980426964668e76c2023-02-07 15:11:05.097root 11241100x8000000000000000695271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a790e1bfa0db582023-02-07 15:11:05.097root 11241100x8000000000000000695280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ee27ee7311a9162023-02-07 15:11:05.098root 11241100x8000000000000000695279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcf0f7d2d943e0e2023-02-07 15:11:05.098root 11241100x8000000000000000695278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f11cf8e8a6f88b2023-02-07 15:11:05.098root 11241100x8000000000000000695277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d928f7fcf6815c2023-02-07 15:11:05.098root 11241100x8000000000000000695276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb6662163a631cf2023-02-07 15:11:05.098root 11241100x8000000000000000695275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5012fbfb2e9149f2023-02-07 15:11:05.098root 11241100x8000000000000000695274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7ac70a8e6b68c02023-02-07 15:11:05.098root 11241100x8000000000000000695290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e97e4b9fc658922023-02-07 15:11:05.099root 11241100x8000000000000000695289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902edec530434e4c2023-02-07 15:11:05.099root 11241100x8000000000000000695288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b9a677843aae382023-02-07 15:11:05.099root 11241100x8000000000000000695287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cde00733e45c612023-02-07 15:11:05.099root 11241100x8000000000000000695286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874654cf2d0ce2d22023-02-07 15:11:05.099root 11241100x8000000000000000695285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea60d6176c975f2e2023-02-07 15:11:05.099root 11241100x8000000000000000695284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c9063ebc4eb48c2023-02-07 15:11:05.099root 11241100x8000000000000000695283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6924451a573e66552023-02-07 15:11:05.099root 11241100x8000000000000000695282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cc206c31e57d6e2023-02-07 15:11:05.099root 11241100x8000000000000000695281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec2de21ba27f4632023-02-07 15:11:05.099root 11241100x8000000000000000695297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19d1167864e4cbe2023-02-07 15:11:05.100root 11241100x8000000000000000695296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dc6badcbd2f15d2023-02-07 15:11:05.100root 11241100x8000000000000000695295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c835ee720816b4492023-02-07 15:11:05.100root 11241100x8000000000000000695294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6908ea9297c56fa2023-02-07 15:11:05.100root 11241100x8000000000000000695293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dd46a9c35ba2f72023-02-07 15:11:05.100root 11241100x8000000000000000695292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ba2e72012bcf6c2023-02-07 15:11:05.100root 11241100x8000000000000000695291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5983c8623f705eb72023-02-07 15:11:05.100root 11241100x8000000000000000695301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04f177fd25736432023-02-07 15:11:05.595root 11241100x8000000000000000695300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f893dfbd5229a4f02023-02-07 15:11:05.595root 11241100x8000000000000000695299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeeb2d498b39356b2023-02-07 15:11:05.595root 11241100x8000000000000000695298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c646c083be46812023-02-07 15:11:05.595root 11241100x8000000000000000695307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0126ce96cf03feb2023-02-07 15:11:05.596root 11241100x8000000000000000695306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07011825b5a14322023-02-07 15:11:05.596root 11241100x8000000000000000695305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff27e5c85aeca052023-02-07 15:11:05.596root 11241100x8000000000000000695304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c947fa5a91390072023-02-07 15:11:05.596root 11241100x8000000000000000695303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9064fddf0bf7072023-02-07 15:11:05.596root 11241100x8000000000000000695302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b999db8ab4845a952023-02-07 15:11:05.596root 11241100x8000000000000000695314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e4c06c7a5494ff2023-02-07 15:11:05.597root 11241100x8000000000000000695313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ea6ffdaaf6f0ee2023-02-07 15:11:05.597root 11241100x8000000000000000695312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df0f30b3f78f09a2023-02-07 15:11:05.597root 11241100x8000000000000000695311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a45175c830d54792023-02-07 15:11:05.597root 11241100x8000000000000000695310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cbd7f5817a977a2023-02-07 15:11:05.597root 11241100x8000000000000000695309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d755e8b801b9cf02023-02-07 15:11:05.597root 11241100x8000000000000000695308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0cb1735cc1d0072023-02-07 15:11:05.597root 11241100x8000000000000000695321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65d062976c4c4d02023-02-07 15:11:05.598root 11241100x8000000000000000695320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a724d762ab9e677e2023-02-07 15:11:05.598root 11241100x8000000000000000695319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25c643e2c82b3692023-02-07 15:11:05.598root 11241100x8000000000000000695318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0faca5f018d79ad22023-02-07 15:11:05.598root 11241100x8000000000000000695317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3095ee018d45d2042023-02-07 15:11:05.598root 11241100x8000000000000000695316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb9b8d855bc5a1f2023-02-07 15:11:05.598root 11241100x8000000000000000695315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671244bc6bd67db12023-02-07 15:11:05.598root 11241100x8000000000000000695329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c6a2e9cf1a38b62023-02-07 15:11:05.599root 11241100x8000000000000000695328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd0be6322ce22a62023-02-07 15:11:05.599root 11241100x8000000000000000695327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63a4b3ab4aae61d2023-02-07 15:11:05.599root 11241100x8000000000000000695326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000a21818407c6e92023-02-07 15:11:05.599root 11241100x8000000000000000695325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8433f3b85e4ccf22023-02-07 15:11:05.599root 11241100x8000000000000000695324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d7175a5329f9d12023-02-07 15:11:05.599root 11241100x8000000000000000695323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffdff57fbf718e82023-02-07 15:11:05.599root 11241100x8000000000000000695322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749741c5e48d17282023-02-07 15:11:05.599root 11241100x8000000000000000695331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d4fac29b1d303a2023-02-07 15:11:06.095root 11241100x8000000000000000695330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f124190d3556ea12023-02-07 15:11:06.095root 11241100x8000000000000000695332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12f2da1bc5c6b122023-02-07 15:11:06.096root 11241100x8000000000000000695343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fa2af475a06bb02023-02-07 15:11:06.097root 11241100x8000000000000000695342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc28c6c8c1f403f2023-02-07 15:11:06.097root 11241100x8000000000000000695341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b48dd213e4cb4352023-02-07 15:11:06.097root 11241100x8000000000000000695340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3611e8b2850f30f52023-02-07 15:11:06.097root 11241100x8000000000000000695339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a380f85468c2f6102023-02-07 15:11:06.097root 11241100x8000000000000000695338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cf17c605a9d5e82023-02-07 15:11:06.097root 11241100x8000000000000000695337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec86c041578c59f72023-02-07 15:11:06.097root 11241100x8000000000000000695336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870aaf446b5f4a3c2023-02-07 15:11:06.097root 11241100x8000000000000000695335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3775f8caeba051c2023-02-07 15:11:06.097root 11241100x8000000000000000695334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988b44b089af8b3f2023-02-07 15:11:06.097root 11241100x8000000000000000695333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8597c02825d733b52023-02-07 15:11:06.097root 11241100x8000000000000000695358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32642638f12002ef2023-02-07 15:11:06.098root 11241100x8000000000000000695357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac19b112ac970042023-02-07 15:11:06.098root 11241100x8000000000000000695356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7c8faaa133b92a2023-02-07 15:11:06.098root 11241100x8000000000000000695355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a769fb9d32a22e542023-02-07 15:11:06.098root 11241100x8000000000000000695354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bc92133df255352023-02-07 15:11:06.098root 11241100x8000000000000000695353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6119ab887dca8b1e2023-02-07 15:11:06.098root 11241100x8000000000000000695352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83be2adf6f8beb92023-02-07 15:11:06.098root 11241100x8000000000000000695351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510f9def3abb0ecf2023-02-07 15:11:06.098root 11241100x8000000000000000695350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdce443556c3d9b2023-02-07 15:11:06.098root 11241100x8000000000000000695349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19af5a9d4c7b48022023-02-07 15:11:06.098root 11241100x8000000000000000695348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91c047b4859beba2023-02-07 15:11:06.098root 11241100x8000000000000000695347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4b0f7cdc84a6132023-02-07 15:11:06.098root 11241100x8000000000000000695346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b239604e4dcd40322023-02-07 15:11:06.098root 11241100x8000000000000000695345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2112d1ee8fe6cdae2023-02-07 15:11:06.098root 11241100x8000000000000000695344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030c7009dca499c12023-02-07 15:11:06.098root 11241100x8000000000000000695359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7313f31cf8ecbc2023-02-07 15:11:06.099root 11241100x8000000000000000695363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500754ead3584dbf2023-02-07 15:11:06.595root 11241100x8000000000000000695362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14452aa30ef663e52023-02-07 15:11:06.595root 11241100x8000000000000000695361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732e2cd21562b9d32023-02-07 15:11:06.595root 11241100x8000000000000000695360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4516baa84e0975c2023-02-07 15:11:06.595root 11241100x8000000000000000695370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a328397d04b42e62023-02-07 15:11:06.596root 11241100x8000000000000000695369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb6220e8785a1322023-02-07 15:11:06.596root 11241100x8000000000000000695368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54f2cb5b06ed3e52023-02-07 15:11:06.596root 11241100x8000000000000000695367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b3b2821fa673e42023-02-07 15:11:06.596root 11241100x8000000000000000695366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a5c6427be1a2ab2023-02-07 15:11:06.596root 11241100x8000000000000000695365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada678d21f624d2f2023-02-07 15:11:06.596root 11241100x8000000000000000695364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170a8a08dbf8b34a2023-02-07 15:11:06.596root 11241100x8000000000000000695375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db16d99fcc1f8aad2023-02-07 15:11:06.597root 11241100x8000000000000000695374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58f970050c550232023-02-07 15:11:06.597root 11241100x8000000000000000695373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf056f9b78c90c42023-02-07 15:11:06.597root 11241100x8000000000000000695372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1b6369df08018e2023-02-07 15:11:06.597root 11241100x8000000000000000695371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed15b5fa628119b2023-02-07 15:11:06.597root 11241100x8000000000000000695381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7202edbfa7d96b392023-02-07 15:11:06.598root 11241100x8000000000000000695380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb156094812294782023-02-07 15:11:06.598root 11241100x8000000000000000695379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2537e35b62ee30892023-02-07 15:11:06.598root 11241100x8000000000000000695378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a9f534bd64fcb12023-02-07 15:11:06.598root 11241100x8000000000000000695377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e157f1c2c444297d2023-02-07 15:11:06.598root 11241100x8000000000000000695376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd717e5f974549f22023-02-07 15:11:06.598root 11241100x8000000000000000695387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee431094a3823be2023-02-07 15:11:06.599root 11241100x8000000000000000695386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7818d4720a252f2023-02-07 15:11:06.599root 11241100x8000000000000000695385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b270ea74da1fb7292023-02-07 15:11:06.599root 11241100x8000000000000000695384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3475171f0cf2b8a72023-02-07 15:11:06.599root 11241100x8000000000000000695383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0f49b3d380dd2e2023-02-07 15:11:06.599root 11241100x8000000000000000695382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fdcd78cb4d60c92023-02-07 15:11:06.599root 11241100x8000000000000000695390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9d167514352a742023-02-07 15:11:06.600root 11241100x8000000000000000695389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024ddd578e1ec9612023-02-07 15:11:06.600root 11241100x8000000000000000695388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e935eb712c5c62592023-02-07 15:11:06.600root 11241100x8000000000000000695392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc9a888903f9d9a2023-02-07 15:11:06.601root 11241100x8000000000000000695391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f69d6604ac8a772023-02-07 15:11:06.601root 11241100x8000000000000000695394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f552a6023777eb962023-02-07 15:11:07.095root 11241100x8000000000000000695393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb23a7e7d20fc732023-02-07 15:11:07.095root 11241100x8000000000000000695397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c90ec8baba357f2023-02-07 15:11:07.096root 11241100x8000000000000000695396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f8183b5b2224b52023-02-07 15:11:07.096root 11241100x8000000000000000695395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafdd117a6ca69462023-02-07 15:11:07.096root 11241100x8000000000000000695402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afc1137682fe7792023-02-07 15:11:07.097root 11241100x8000000000000000695401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7c478b17555cde2023-02-07 15:11:07.097root 11241100x8000000000000000695400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c985e0835e87933d2023-02-07 15:11:07.097root 11241100x8000000000000000695399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd03f0f914b4edd2023-02-07 15:11:07.097root 11241100x8000000000000000695398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e309848232144e2023-02-07 15:11:07.097root 11241100x8000000000000000695411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78ca305b73c49982023-02-07 15:11:07.098root 11241100x8000000000000000695410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3e34f776a3b94f2023-02-07 15:11:07.098root 11241100x8000000000000000695409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46952affd6590cdc2023-02-07 15:11:07.098root 11241100x8000000000000000695408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fefd068455ac3b2023-02-07 15:11:07.098root 11241100x8000000000000000695407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b13b52dbc4795e72023-02-07 15:11:07.098root 11241100x8000000000000000695406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10bcd09d83b161b2023-02-07 15:11:07.098root 11241100x8000000000000000695405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67475248b86aef792023-02-07 15:11:07.098root 11241100x8000000000000000695404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31610b39cb6edb1f2023-02-07 15:11:07.098root 11241100x8000000000000000695403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ec5551f9e34f242023-02-07 15:11:07.098root 11241100x8000000000000000695417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6021328afd138b2023-02-07 15:11:07.099root 11241100x8000000000000000695416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f20de8772dd0562023-02-07 15:11:07.099root 11241100x8000000000000000695415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db9a8571388c2302023-02-07 15:11:07.099root 11241100x8000000000000000695414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36654eef4fb25cd82023-02-07 15:11:07.099root 11241100x8000000000000000695413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8432e5c65064fa882023-02-07 15:11:07.099root 11241100x8000000000000000695412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa92e817ce350b6b2023-02-07 15:11:07.099root 11241100x8000000000000000695422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f06e7c434a20d562023-02-07 15:11:07.100root 11241100x8000000000000000695421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab3c28831606e602023-02-07 15:11:07.100root 11241100x8000000000000000695420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9170028b8bc7ef222023-02-07 15:11:07.100root 11241100x8000000000000000695419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733dee876071ca762023-02-07 15:11:07.100root 11241100x8000000000000000695418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20e71a72c97cc522023-02-07 15:11:07.100root 11241100x8000000000000000695426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426747b8ab5e0ea22023-02-07 15:11:07.595root 11241100x8000000000000000695425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4300cf6aba56721b2023-02-07 15:11:07.595root 11241100x8000000000000000695424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef619a6b6632bad42023-02-07 15:11:07.595root 11241100x8000000000000000695423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157ebca3b1e21f172023-02-07 15:11:07.595root 11241100x8000000000000000695434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3088cd5d4103f2c82023-02-07 15:11:07.596root 11241100x8000000000000000695433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce10906c4f279b02023-02-07 15:11:07.596root 11241100x8000000000000000695432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268a0eff07303f902023-02-07 15:11:07.596root 11241100x8000000000000000695431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1532a39ff2dd17c2023-02-07 15:11:07.596root 11241100x8000000000000000695430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b165e8b75a66693b2023-02-07 15:11:07.596root 11241100x8000000000000000695429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494618971eef946c2023-02-07 15:11:07.596root 11241100x8000000000000000695428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1beb1a3ec938f8db2023-02-07 15:11:07.596root 11241100x8000000000000000695427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2130b634975b00d52023-02-07 15:11:07.596root 11241100x8000000000000000695438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe76992cc8b79b22023-02-07 15:11:07.597root 11241100x8000000000000000695437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc38043dc85f6772023-02-07 15:11:07.597root 11241100x8000000000000000695436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5981e99e174ca7c32023-02-07 15:11:07.597root 11241100x8000000000000000695435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2706eccfc2e11ad92023-02-07 15:11:07.597root 11241100x8000000000000000695442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308988f8aa5618b82023-02-07 15:11:07.598root 11241100x8000000000000000695441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa7dce03876003a2023-02-07 15:11:07.598root 11241100x8000000000000000695440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c17bff9babb9d4e2023-02-07 15:11:07.598root 11241100x8000000000000000695439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9915606d6c27d672023-02-07 15:11:07.598root 11241100x8000000000000000695445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8548c3fd3464f9402023-02-07 15:11:07.599root 11241100x8000000000000000695444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7897afcf1ede77172023-02-07 15:11:07.599root 11241100x8000000000000000695443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41d848e5e9d4b602023-02-07 15:11:07.599root 11241100x8000000000000000695449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55664a0361a019e62023-02-07 15:11:07.600root 11241100x8000000000000000695448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b30a49cd052b862023-02-07 15:11:07.600root 11241100x8000000000000000695447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7901465e47711ef62023-02-07 15:11:07.600root 11241100x8000000000000000695446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd73b6e0103c6362023-02-07 15:11:07.600root 11241100x8000000000000000695452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f022f525a689b3b02023-02-07 15:11:07.601root 11241100x8000000000000000695451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b2db3564e1f1552023-02-07 15:11:07.601root 11241100x8000000000000000695450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f36f84d4e05e482023-02-07 15:11:07.601root 11241100x8000000000000000695454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6e0e963d32ee1f2023-02-07 15:11:07.602root 11241100x8000000000000000695453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c9f6a0c006f3712023-02-07 15:11:07.602root 11241100x8000000000000000695455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d6589ba5ac35032023-02-07 15:11:07.603root 11241100x8000000000000000695458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526ec280b035c93c2023-02-07 15:11:07.604root 11241100x8000000000000000695457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c3b41f49386de32023-02-07 15:11:07.604root 11241100x8000000000000000695456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fe0c2feea891342023-02-07 15:11:07.604root 11241100x8000000000000000695460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0b9bae700eae342023-02-07 15:11:07.605root 11241100x8000000000000000695459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7fb7c443dd13572023-02-07 15:11:07.605root 11241100x8000000000000000695462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2225efc3cb4a392023-02-07 15:11:08.095root 11241100x8000000000000000695461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d55db8059e365962023-02-07 15:11:08.095root 11241100x8000000000000000695466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04004d5f0a217302023-02-07 15:11:08.096root 11241100x8000000000000000695465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6c184d0fb0eb342023-02-07 15:11:08.096root 11241100x8000000000000000695464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e98633ae2db153e2023-02-07 15:11:08.096root 11241100x8000000000000000695463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18a435de0e3dc8d2023-02-07 15:11:08.096root 11241100x8000000000000000695470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06db373efcce5a42023-02-07 15:11:08.097root 11241100x8000000000000000695469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e97c5f604837d92023-02-07 15:11:08.097root 11241100x8000000000000000695468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6228aefc33d16b2023-02-07 15:11:08.097root 11241100x8000000000000000695467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fead3ae55dd9aab22023-02-07 15:11:08.097root 11241100x8000000000000000695473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac8136f5425be1a2023-02-07 15:11:08.098root 11241100x8000000000000000695472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bc95b6bb59f1662023-02-07 15:11:08.098root 11241100x8000000000000000695471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a50073c32d6e8b42023-02-07 15:11:08.098root 11241100x8000000000000000695474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85db087dcb63d712023-02-07 15:11:08.099root 11241100x8000000000000000695476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ab615054fe08eb2023-02-07 15:11:08.100root 11241100x8000000000000000695475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98bcfe77fb1dc392023-02-07 15:11:08.100root 11241100x8000000000000000695478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abbcd33efc090072023-02-07 15:11:08.101root 11241100x8000000000000000695477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa34e35965b9d832023-02-07 15:11:08.101root 11241100x8000000000000000695480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a84417725c14a92023-02-07 15:11:08.102root 11241100x8000000000000000695479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ddc33ff4b27cbf2023-02-07 15:11:08.102root 11241100x8000000000000000695482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20dec04aae8eeca62023-02-07 15:11:08.103root 11241100x8000000000000000695481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579c52194af7436f2023-02-07 15:11:08.103root 11241100x8000000000000000695488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a843594401ece332023-02-07 15:11:08.104root 11241100x8000000000000000695487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9c7eda2596e0f22023-02-07 15:11:08.104root 11241100x8000000000000000695486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a782e943d2b672e2023-02-07 15:11:08.104root 11241100x8000000000000000695485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0069c134eb69402023-02-07 15:11:08.104root 11241100x8000000000000000695484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff9f70c47412d392023-02-07 15:11:08.104root 11241100x8000000000000000695483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feaf1db130040d142023-02-07 15:11:08.104root 11241100x8000000000000000695492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378352b9758a359c2023-02-07 15:11:08.105root 11241100x8000000000000000695491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79457dd6fd3791f22023-02-07 15:11:08.105root 11241100x8000000000000000695490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86df3b0aaa02876f2023-02-07 15:11:08.105root 11241100x8000000000000000695489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4372d7efb013ca62023-02-07 15:11:08.105root 11241100x8000000000000000695495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac248f7e3f966e1f2023-02-07 15:11:08.595root 11241100x8000000000000000695494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ab71a20207770e2023-02-07 15:11:08.595root 11241100x8000000000000000695493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1e0b123917856f2023-02-07 15:11:08.595root 11241100x8000000000000000695502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20290f08e824cab92023-02-07 15:11:08.596root 11241100x8000000000000000695501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd4460d0409413f2023-02-07 15:11:08.596root 11241100x8000000000000000695500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3067b460630d904b2023-02-07 15:11:08.596root 11241100x8000000000000000695499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28eacf6108d462f62023-02-07 15:11:08.596root 11241100x8000000000000000695498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131a3bcbe31c36e92023-02-07 15:11:08.596root 11241100x8000000000000000695497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb7af089c90075f2023-02-07 15:11:08.596root 11241100x8000000000000000695496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f67c051fe965f2b2023-02-07 15:11:08.596root 11241100x8000000000000000695508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e512074266d74c2023-02-07 15:11:08.597root 11241100x8000000000000000695507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc7f50d914e55062023-02-07 15:11:08.597root 11241100x8000000000000000695506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384846d314410a692023-02-07 15:11:08.597root 11241100x8000000000000000695505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9600e3a93d2070e72023-02-07 15:11:08.597root 11241100x8000000000000000695504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d87f639fb7d53a2023-02-07 15:11:08.597root 11241100x8000000000000000695503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1290d893e3d18d622023-02-07 15:11:08.597root 11241100x8000000000000000695515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee840ec58c3b4192023-02-07 15:11:08.598root 11241100x8000000000000000695514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7490450c7cee6e2023-02-07 15:11:08.598root 11241100x8000000000000000695513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1168c469f20ac0152023-02-07 15:11:08.598root 11241100x8000000000000000695512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f63cbcbb463df172023-02-07 15:11:08.598root 11241100x8000000000000000695511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d6fa33e0e9f8872023-02-07 15:11:08.598root 11241100x8000000000000000695510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2bf06d457417e22023-02-07 15:11:08.598root 11241100x8000000000000000695509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298979ceb77a638c2023-02-07 15:11:08.598root 11241100x8000000000000000695523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254a6c1347dcef342023-02-07 15:11:08.599root 11241100x8000000000000000695522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d024c6beb8ed1b612023-02-07 15:11:08.599root 11241100x8000000000000000695521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3118d70eadb71392023-02-07 15:11:08.599root 11241100x8000000000000000695520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e2fdfd6c3b0bdf2023-02-07 15:11:08.599root 11241100x8000000000000000695519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc499700ed0d1b782023-02-07 15:11:08.599root 11241100x8000000000000000695518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225f592c7fdf94582023-02-07 15:11:08.599root 11241100x8000000000000000695517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a4e3a71dbac76e2023-02-07 15:11:08.599root 11241100x8000000000000000695516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c42f3876b8625872023-02-07 15:11:08.599root 11241100x8000000000000000695525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265195681605e8852023-02-07 15:11:08.600root 11241100x8000000000000000695524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c104d4b1157554a2023-02-07 15:11:08.600root 354300x8000000000000000695526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.062{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-60850-false10.0.1.12-8000- 11241100x8000000000000000695533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1739ddedb8d3317f2023-02-07 15:11:09.063root 11241100x8000000000000000695532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4f16e7689aad832023-02-07 15:11:09.063root 11241100x8000000000000000695531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86c973caabb50192023-02-07 15:11:09.063root 11241100x8000000000000000695530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9753cd659f12e7212023-02-07 15:11:09.063root 11241100x8000000000000000695529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d220ad60f939b92023-02-07 15:11:09.063root 11241100x8000000000000000695528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b1b89e46a7a4c72023-02-07 15:11:09.063root 11241100x8000000000000000695527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb92b44f68a67f42023-02-07 15:11:09.063root 11241100x8000000000000000695545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d210731643fb4f32023-02-07 15:11:09.064root 11241100x8000000000000000695544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850edd403c2ef9952023-02-07 15:11:09.064root 11241100x8000000000000000695543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889bc82f4f4198812023-02-07 15:11:09.064root 11241100x8000000000000000695542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b68e8d512ae598a2023-02-07 15:11:09.064root 11241100x8000000000000000695541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bead2470396226c2023-02-07 15:11:09.064root 11241100x8000000000000000695540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e73cbee24e381f2023-02-07 15:11:09.064root 11241100x8000000000000000695539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47cdcde869468c52023-02-07 15:11:09.064root 11241100x8000000000000000695538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42d74b4465e0d3a2023-02-07 15:11:09.064root 11241100x8000000000000000695537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bec09b4f6a67782023-02-07 15:11:09.064root 11241100x8000000000000000695536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac939fee204c9be02023-02-07 15:11:09.064root 11241100x8000000000000000695535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68918c425f2e4c252023-02-07 15:11:09.064root 11241100x8000000000000000695534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d402e487f073a3f2023-02-07 15:11:09.064root 11241100x8000000000000000695549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a03a4536fa4e5c2023-02-07 15:11:09.065root 11241100x8000000000000000695548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec5f93eb125d2152023-02-07 15:11:09.065root 11241100x8000000000000000695547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54633802213ff7232023-02-07 15:11:09.065root 11241100x8000000000000000695546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5c6fd7fda722532023-02-07 15:11:09.065root 11241100x8000000000000000695553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc6a672943b387b2023-02-07 15:11:09.066root 11241100x8000000000000000695552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdc4c8c31dfef3b2023-02-07 15:11:09.066root 11241100x8000000000000000695551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06233e854ab4dfc72023-02-07 15:11:09.066root 11241100x8000000000000000695550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7173609ca8457e2023-02-07 15:11:09.066root 11241100x8000000000000000695561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e113523d3269ae2023-02-07 15:11:09.067root 11241100x8000000000000000695560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a25018e2d14b49b2023-02-07 15:11:09.067root 11241100x8000000000000000695559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b98f35ad36672ed2023-02-07 15:11:09.067root 11241100x8000000000000000695558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821f6a775c9be6352023-02-07 15:11:09.067root 11241100x8000000000000000695557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18465d1ec539219a2023-02-07 15:11:09.067root 11241100x8000000000000000695556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828f6dee442137c02023-02-07 15:11:09.067root 11241100x8000000000000000695555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f2a3a3067aa6402023-02-07 15:11:09.067root 11241100x8000000000000000695554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851707a047ab8a672023-02-07 15:11:09.067root 11241100x8000000000000000695566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7605067d60691d82023-02-07 15:11:09.068root 11241100x8000000000000000695565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e40a8a0c8b58c302023-02-07 15:11:09.068root 11241100x8000000000000000695564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5cc06bcf8199ab2023-02-07 15:11:09.068root 11241100x8000000000000000695563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8355fb1ebee594db2023-02-07 15:11:09.068root 11241100x8000000000000000695562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c342a2b3a77f598e2023-02-07 15:11:09.068root 11241100x8000000000000000695569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9e6df58f757e0c2023-02-07 15:11:09.069root 11241100x8000000000000000695568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3f1ec7ddbff8972023-02-07 15:11:09.069root 11241100x8000000000000000695567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65baf68d3fe77d42023-02-07 15:11:09.069root 11241100x8000000000000000695574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6648c6ec590f8bf2023-02-07 15:11:09.346root 11241100x8000000000000000695573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f208a4a1f6d2df5d2023-02-07 15:11:09.346root 11241100x8000000000000000695572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41292e1b1951234c2023-02-07 15:11:09.346root 11241100x8000000000000000695571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe68d486cfff18312023-02-07 15:11:09.346root 11241100x8000000000000000695570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79513ca95594f3f42023-02-07 15:11:09.346root 11241100x8000000000000000695579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756732e4e22cd98a2023-02-07 15:11:09.347root 11241100x8000000000000000695578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fe790321622a692023-02-07 15:11:09.347root 11241100x8000000000000000695577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f780f29ab3742b2023-02-07 15:11:09.347root 11241100x8000000000000000695576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038122bd503c018e2023-02-07 15:11:09.347root 11241100x8000000000000000695575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f9da97289f8c6a2023-02-07 15:11:09.347root 11241100x8000000000000000695584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2988cac270ae48dc2023-02-07 15:11:09.348root 11241100x8000000000000000695583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e851c7feee64bd8f2023-02-07 15:11:09.348root 11241100x8000000000000000695582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70acf4734e0edff72023-02-07 15:11:09.348root 11241100x8000000000000000695581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74605c28ed0cadee2023-02-07 15:11:09.348root 11241100x8000000000000000695580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538e7aafd3e3ab0e2023-02-07 15:11:09.348root 11241100x8000000000000000695588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be1fa9734d28c6f2023-02-07 15:11:09.349root 11241100x8000000000000000695587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65eccab64aabad32023-02-07 15:11:09.349root 11241100x8000000000000000695586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9545ee2182e6632023-02-07 15:11:09.349root 11241100x8000000000000000695585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182c31253db9518c2023-02-07 15:11:09.349root 11241100x8000000000000000695595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87444e3e14849812023-02-07 15:11:09.350root 11241100x8000000000000000695594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1befcf67cc27d72023-02-07 15:11:09.350root 11241100x8000000000000000695593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3f50644ff4818a2023-02-07 15:11:09.350root 11241100x8000000000000000695592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf79afef4b60b722023-02-07 15:11:09.350root 11241100x8000000000000000695591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0827c7dade6fce22023-02-07 15:11:09.350root 11241100x8000000000000000695590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bdf08cb0e7bc902023-02-07 15:11:09.350root 11241100x8000000000000000695589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429abbee42b9264a2023-02-07 15:11:09.350root 11241100x8000000000000000695598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4868b372ba1b6d732023-02-07 15:11:09.351root 11241100x8000000000000000695597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90c6ccbd0f474e42023-02-07 15:11:09.351root 11241100x8000000000000000695596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3119a4cbbe205b012023-02-07 15:11:09.351root 11241100x8000000000000000695599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73e36dcc14267942023-02-07 15:11:09.845root 11241100x8000000000000000695602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c3be94040712522023-02-07 15:11:09.846root 11241100x8000000000000000695601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdf0fd9c108f1a52023-02-07 15:11:09.846root 11241100x8000000000000000695600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a893c44f357036e2023-02-07 15:11:09.846root 11241100x8000000000000000695605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e55d485329362f2023-02-07 15:11:09.847root 11241100x8000000000000000695604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d67353cbf4c2a32023-02-07 15:11:09.847root 11241100x8000000000000000695603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7404056ba9ad6b292023-02-07 15:11:09.847root 11241100x8000000000000000695612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7d31054661eb922023-02-07 15:11:09.848root 11241100x8000000000000000695611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7319633d34b97122023-02-07 15:11:09.848root 11241100x8000000000000000695610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5237e63f9dd6b972023-02-07 15:11:09.848root 11241100x8000000000000000695609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02fe849cf7b29a22023-02-07 15:11:09.848root 11241100x8000000000000000695608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0344a4f8c0a47a82023-02-07 15:11:09.848root 11241100x8000000000000000695607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531f53fffbac4ba22023-02-07 15:11:09.848root 11241100x8000000000000000695606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4662e28fd6305e822023-02-07 15:11:09.848root 11241100x8000000000000000695619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3774d3320596e3222023-02-07 15:11:09.849root 11241100x8000000000000000695618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510b5f99314a279d2023-02-07 15:11:09.849root 11241100x8000000000000000695617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1480597941d612c2023-02-07 15:11:09.849root 11241100x8000000000000000695616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e576fe5e5dda8562023-02-07 15:11:09.849root 11241100x8000000000000000695615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79893926d368a2162023-02-07 15:11:09.849root 11241100x8000000000000000695614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaac77f8f880e1b2023-02-07 15:11:09.849root 11241100x8000000000000000695613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c6ccace4aab0702023-02-07 15:11:09.849root 11241100x8000000000000000695626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736f436ef940b74a2023-02-07 15:11:09.850root 11241100x8000000000000000695625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f8a50d8af3ac892023-02-07 15:11:09.850root 11241100x8000000000000000695624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8685472651cfcc6e2023-02-07 15:11:09.850root 11241100x8000000000000000695623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110e24b85f09baf82023-02-07 15:11:09.850root 11241100x8000000000000000695622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5aeabaa5b1138f52023-02-07 15:11:09.850root 11241100x8000000000000000695621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0e1ddee34311c52023-02-07 15:11:09.850root 11241100x8000000000000000695620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99740fa9e569b862023-02-07 15:11:09.850root 11241100x8000000000000000695628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003ecf3bdc349afc2023-02-07 15:11:09.851root 11241100x8000000000000000695627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fefd9b38b00d4a2023-02-07 15:11:09.851root 11241100x8000000000000000695632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2080bbc0e2b83b02023-02-07 15:11:10.346root 11241100x8000000000000000695631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9e08814f1c4d592023-02-07 15:11:10.346root 11241100x8000000000000000695630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa83550c1e9af672023-02-07 15:11:10.346root 11241100x8000000000000000695629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9405d25ee78f2bfe2023-02-07 15:11:10.346root 11241100x8000000000000000695645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19e4d7003f56e882023-02-07 15:11:10.347root 11241100x8000000000000000695644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94faf1eae07bd6122023-02-07 15:11:10.347root 11241100x8000000000000000695643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9309a69b188a362023-02-07 15:11:10.347root 11241100x8000000000000000695642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb3cb9e552ee6702023-02-07 15:11:10.347root 11241100x8000000000000000695641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fe37fc4f7b843a2023-02-07 15:11:10.347root 11241100x8000000000000000695640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e813421e244a0962023-02-07 15:11:10.347root 11241100x8000000000000000695639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d600a1f7d8047b332023-02-07 15:11:10.347root 11241100x8000000000000000695638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5fda69c200b17a2023-02-07 15:11:10.347root 11241100x8000000000000000695637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9107371fe23fef4f2023-02-07 15:11:10.347root 11241100x8000000000000000695636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f2989879d9ab702023-02-07 15:11:10.347root 11241100x8000000000000000695635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820dd153bec62e392023-02-07 15:11:10.347root 11241100x8000000000000000695634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665ea9f0344b462f2023-02-07 15:11:10.347root 11241100x8000000000000000695633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d784e31ad11dcb92023-02-07 15:11:10.347root 11241100x8000000000000000695655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690e973fb34a17152023-02-07 15:11:10.348root 11241100x8000000000000000695654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8acb0ec429e9d192023-02-07 15:11:10.348root 11241100x8000000000000000695653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edb130bbc9094622023-02-07 15:11:10.348root 11241100x8000000000000000695652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d524af7bf60d32212023-02-07 15:11:10.348root 11241100x8000000000000000695651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb038c1595b22cf2023-02-07 15:11:10.348root 11241100x8000000000000000695650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f20821b55a33802023-02-07 15:11:10.348root 11241100x8000000000000000695649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19121f4993ddd0f02023-02-07 15:11:10.348root 11241100x8000000000000000695648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8431af89fa62c3112023-02-07 15:11:10.348root 11241100x8000000000000000695647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600860b8520503c32023-02-07 15:11:10.348root 11241100x8000000000000000695646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce493462cfa42af32023-02-07 15:11:10.348root 11241100x8000000000000000695656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0166aad66c7df32023-02-07 15:11:10.349root 11241100x8000000000000000695657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82973951f65e36fb2023-02-07 15:11:10.350root 11241100x8000000000000000695665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e0be0c3734a1b02023-02-07 15:11:10.846root 11241100x8000000000000000695664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f602baadd8080e302023-02-07 15:11:10.846root 11241100x8000000000000000695663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a4367bec1cadd42023-02-07 15:11:10.846root 11241100x8000000000000000695662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c9cbbde6bc83272023-02-07 15:11:10.846root 11241100x8000000000000000695661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646031530d9038c72023-02-07 15:11:10.846root 11241100x8000000000000000695660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c454eb376e44ea2023-02-07 15:11:10.846root 11241100x8000000000000000695659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece0ca56f3e7e8fe2023-02-07 15:11:10.846root 11241100x8000000000000000695658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e63b21e1942c1e42023-02-07 15:11:10.846root 11241100x8000000000000000695670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103922cc2055a71a2023-02-07 15:11:10.847root 11241100x8000000000000000695669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20f913bee4584a02023-02-07 15:11:10.847root 11241100x8000000000000000695668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bb222a8f13bb332023-02-07 15:11:10.847root 11241100x8000000000000000695667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37d5d004ad1abed2023-02-07 15:11:10.847root 11241100x8000000000000000695666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28d497332b5757c2023-02-07 15:11:10.847root 11241100x8000000000000000695680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe18dd6044db6082023-02-07 15:11:10.848root 11241100x8000000000000000695679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d02c0bd66d559c2023-02-07 15:11:10.848root 11241100x8000000000000000695678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db6b2ca127666282023-02-07 15:11:10.848root 11241100x8000000000000000695677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1af18872200bf742023-02-07 15:11:10.848root 11241100x8000000000000000695676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531de1aba57883f82023-02-07 15:11:10.848root 11241100x8000000000000000695675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a33e94a3a4627612023-02-07 15:11:10.848root 11241100x8000000000000000695674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4685755b566a05d2023-02-07 15:11:10.848root 11241100x8000000000000000695673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92706edc7fed541f2023-02-07 15:11:10.848root 11241100x8000000000000000695672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9505cf85b39a1e2023-02-07 15:11:10.848root 11241100x8000000000000000695671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7eff5db8fe9c682023-02-07 15:11:10.848root 11241100x8000000000000000695686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167927ca22ef7caf2023-02-07 15:11:10.849root 11241100x8000000000000000695685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbf068392ea0e9a2023-02-07 15:11:10.849root 11241100x8000000000000000695684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6446a99bd83612fa2023-02-07 15:11:10.849root 11241100x8000000000000000695683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12d65cb57707bca2023-02-07 15:11:10.849root 11241100x8000000000000000695682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4afe42ece21a102023-02-07 15:11:10.849root 11241100x8000000000000000695681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0771d2fd4f054902023-02-07 15:11:10.849root 11241100x8000000000000000695688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7799a4f55ebfc9352023-02-07 15:11:11.346root 11241100x8000000000000000695687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6ccaf31a9fc1962023-02-07 15:11:11.346root 11241100x8000000000000000695692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09578d9f790a48b2023-02-07 15:11:11.347root 11241100x8000000000000000695691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484a710722e0cf2e2023-02-07 15:11:11.347root 11241100x8000000000000000695690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f2480f86cfe6dd2023-02-07 15:11:11.347root 11241100x8000000000000000695689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1522cdc656c15c762023-02-07 15:11:11.347root 11241100x8000000000000000695693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f6af5707f38f9e2023-02-07 15:11:11.348root 11241100x8000000000000000695694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05da0860027dbd732023-02-07 15:11:11.349root 11241100x8000000000000000695695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df717de9eff247362023-02-07 15:11:11.350root 11241100x8000000000000000695697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b952f04c090f29352023-02-07 15:11:11.351root 11241100x8000000000000000695696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee5dfdfc17628322023-02-07 15:11:11.351root 11241100x8000000000000000695700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d0f7684b2b63492023-02-07 15:11:11.352root 11241100x8000000000000000695699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118421bb4c275f672023-02-07 15:11:11.352root 11241100x8000000000000000695698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e74b79900605de2023-02-07 15:11:11.352root 11241100x8000000000000000695703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640e583cf35e667b2023-02-07 15:11:11.353root 11241100x8000000000000000695702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a9dce9be7045492023-02-07 15:11:11.353root 11241100x8000000000000000695701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad7afe292c682772023-02-07 15:11:11.353root 11241100x8000000000000000695704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9190496e23e7ff3e2023-02-07 15:11:11.355root 11241100x8000000000000000695713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e238d8f31600c70a2023-02-07 15:11:11.356root 11241100x8000000000000000695712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090800ad315b47042023-02-07 15:11:11.356root 11241100x8000000000000000695711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea10ab11fe834652023-02-07 15:11:11.356root 11241100x8000000000000000695710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f590938328425342023-02-07 15:11:11.356root 11241100x8000000000000000695709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc82ef618a129fe82023-02-07 15:11:11.356root 11241100x8000000000000000695708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa5923522a8e9222023-02-07 15:11:11.356root 11241100x8000000000000000695707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b9b667f1fff8c12023-02-07 15:11:11.356root 11241100x8000000000000000695706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ddd6aa0fd3233a2023-02-07 15:11:11.356root 11241100x8000000000000000695705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c31d94e27cf4a062023-02-07 15:11:11.356root 11241100x8000000000000000695715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.357{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a7908b88d6ea132023-02-07 15:11:11.357root 11241100x8000000000000000695714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.357{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eab1022557d1efd2023-02-07 15:11:11.357root 11241100x8000000000000000695722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7288f07867ea1c0a2023-02-07 15:11:11.846root 11241100x8000000000000000695721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0adab0e6d6df5c72023-02-07 15:11:11.846root 11241100x8000000000000000695720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06381fb16870a4792023-02-07 15:11:11.846root 11241100x8000000000000000695719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f5752acac715dd2023-02-07 15:11:11.846root 11241100x8000000000000000695718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34ca968cb9a96a32023-02-07 15:11:11.846root 11241100x8000000000000000695717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb37b5d17e3a833d2023-02-07 15:11:11.846root 11241100x8000000000000000695716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdd39f6da3f5ac12023-02-07 15:11:11.846root 11241100x8000000000000000695728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ad64f8414aa34e2023-02-07 15:11:11.847root 11241100x8000000000000000695727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34885d737a7f05b2023-02-07 15:11:11.847root 11241100x8000000000000000695726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbd2a4d80e7a6f62023-02-07 15:11:11.847root 11241100x8000000000000000695725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0e3f228b0f9f032023-02-07 15:11:11.847root 11241100x8000000000000000695724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd00524b628af3a2023-02-07 15:11:11.847root 11241100x8000000000000000695723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a0700ea9ec73e12023-02-07 15:11:11.847root 11241100x8000000000000000695742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed95778938f8cb472023-02-07 15:11:11.848root 11241100x8000000000000000695741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0036fd5c8e5717582023-02-07 15:11:11.848root 11241100x8000000000000000695740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139c8bc6219d38a82023-02-07 15:11:11.848root 11241100x8000000000000000695739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a8d3c12d16e4d42023-02-07 15:11:11.848root 11241100x8000000000000000695738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584e47ca892cb6382023-02-07 15:11:11.848root 11241100x8000000000000000695737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59faced859e7ae02023-02-07 15:11:11.848root 11241100x8000000000000000695736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6573db7e9eed9a62023-02-07 15:11:11.848root 11241100x8000000000000000695735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1959ca8376716c2023-02-07 15:11:11.848root 11241100x8000000000000000695734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7608d4a55cafa302023-02-07 15:11:11.848root 11241100x8000000000000000695733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ef700efd570f062023-02-07 15:11:11.848root 11241100x8000000000000000695732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba704b8c043e6ed2023-02-07 15:11:11.848root 11241100x8000000000000000695731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196bbe8991db4eb52023-02-07 15:11:11.848root 11241100x8000000000000000695730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7410fb45c93d6e4b2023-02-07 15:11:11.848root 11241100x8000000000000000695729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323fdb3c29c364ec2023-02-07 15:11:11.848root 11241100x8000000000000000695744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37044d8e28cc6a5e2023-02-07 15:11:11.849root 11241100x8000000000000000695743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2ab3ca7bee356c2023-02-07 15:11:11.849root 11241100x8000000000000000695749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299c472234f17b462023-02-07 15:11:12.346root 11241100x8000000000000000695748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2268d71ff488c3cd2023-02-07 15:11:12.346root 11241100x8000000000000000695747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652ac84fc8fcd4d42023-02-07 15:11:12.346root 11241100x8000000000000000695746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10913cb36dcc5bea2023-02-07 15:11:12.346root 11241100x8000000000000000695745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c23343c09003fb22023-02-07 15:11:12.346root 11241100x8000000000000000695754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1baa6fee6b152cfb2023-02-07 15:11:12.347root 11241100x8000000000000000695753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea730b15b3bce9702023-02-07 15:11:12.347root 11241100x8000000000000000695752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f5e1ad6bfbbbc82023-02-07 15:11:12.347root 11241100x8000000000000000695751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44389855d7df4ba2023-02-07 15:11:12.347root 11241100x8000000000000000695750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389c0e93bded02752023-02-07 15:11:12.347root 11241100x8000000000000000695757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70321a8706647662023-02-07 15:11:12.348root 11241100x8000000000000000695756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6c7d1807a2e3c72023-02-07 15:11:12.348root 11241100x8000000000000000695755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b38df34e89da0b2023-02-07 15:11:12.348root 11241100x8000000000000000695758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f948514e065bd552023-02-07 15:11:12.349root 11241100x8000000000000000695765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471268c82ebd19252023-02-07 15:11:12.350root 11241100x8000000000000000695764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2211a3e65c9f362023-02-07 15:11:12.350root 11241100x8000000000000000695763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5a34d7eee529392023-02-07 15:11:12.350root 11241100x8000000000000000695762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400f7d5ee7279add2023-02-07 15:11:12.350root 11241100x8000000000000000695761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0b2499136ef3142023-02-07 15:11:12.350root 11241100x8000000000000000695760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c68134572739282023-02-07 15:11:12.350root 11241100x8000000000000000695759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340f31ae28216d862023-02-07 15:11:12.350root 11241100x8000000000000000695771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e546f3b38399d232023-02-07 15:11:12.351root 11241100x8000000000000000695770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5ca1961f1dfe292023-02-07 15:11:12.351root 11241100x8000000000000000695769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a05d449c0bf4ba2023-02-07 15:11:12.351root 11241100x8000000000000000695768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb9cad83f68cb342023-02-07 15:11:12.351root 11241100x8000000000000000695767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5c9a41716e83d72023-02-07 15:11:12.351root 11241100x8000000000000000695766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1194225e332c962023-02-07 15:11:12.351root 11241100x8000000000000000695773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6331e8f122e7dea52023-02-07 15:11:12.352root 11241100x8000000000000000695772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abed86d99a57e6a52023-02-07 15:11:12.352root 11241100x8000000000000000695778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8741c20a51626152023-02-07 15:11:12.846root 11241100x8000000000000000695777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8703afa932086b162023-02-07 15:11:12.846root 11241100x8000000000000000695776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6592bf2126fff9482023-02-07 15:11:12.846root 11241100x8000000000000000695775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ea5c47610d3b7c2023-02-07 15:11:12.846root 11241100x8000000000000000695774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aea61cc2453fa2d2023-02-07 15:11:12.846root 11241100x8000000000000000695785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f42a2ee77f3cec02023-02-07 15:11:12.847root 11241100x8000000000000000695784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df5fa7fe9ea16b52023-02-07 15:11:12.847root 11241100x8000000000000000695783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569f99cdf04b93cb2023-02-07 15:11:12.847root 11241100x8000000000000000695782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fda9a9785a8758d2023-02-07 15:11:12.847root 11241100x8000000000000000695781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7e664f7180412d2023-02-07 15:11:12.847root 11241100x8000000000000000695780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1142861a39cc039a2023-02-07 15:11:12.847root 11241100x8000000000000000695779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb09e838434f600b2023-02-07 15:11:12.847root 11241100x8000000000000000695791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe785a6b2df252942023-02-07 15:11:12.848root 11241100x8000000000000000695790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e837597f618af98e2023-02-07 15:11:12.848root 11241100x8000000000000000695789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943887269353cd142023-02-07 15:11:12.848root 11241100x8000000000000000695788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc536111a19dd322023-02-07 15:11:12.848root 11241100x8000000000000000695787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9d66f59868d42e2023-02-07 15:11:12.848root 11241100x8000000000000000695786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5d34b894dce44a2023-02-07 15:11:12.848root 11241100x8000000000000000695797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ac6f4ed2a6a8ee2023-02-07 15:11:12.849root 11241100x8000000000000000695796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916864ba7b8f49102023-02-07 15:11:12.849root 11241100x8000000000000000695795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfc11c605f98f3d2023-02-07 15:11:12.849root 11241100x8000000000000000695794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de179ce393c679cc2023-02-07 15:11:12.849root 11241100x8000000000000000695793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4275ed91e554882023-02-07 15:11:12.849root 11241100x8000000000000000695792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17db8204beb9d6a2023-02-07 15:11:12.849root 11241100x8000000000000000695801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1668c8116d7c52c72023-02-07 15:11:12.850root 11241100x8000000000000000695800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d362fb4adeb88bc2023-02-07 15:11:12.850root 11241100x8000000000000000695799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f18d712998685a2023-02-07 15:11:12.850root 11241100x8000000000000000695798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56839a5e2daee9ab2023-02-07 15:11:12.850root 11241100x8000000000000000695802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e5bbe96cfa00f12023-02-07 15:11:12.851root 11241100x8000000000000000695809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90379cf86b92530b2023-02-07 15:11:13.346root 11241100x8000000000000000695808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afed1b027480844e2023-02-07 15:11:13.346root 11241100x8000000000000000695807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a709a0413d940cf2023-02-07 15:11:13.346root 11241100x8000000000000000695806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabf4e9183a496882023-02-07 15:11:13.346root 11241100x8000000000000000695805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d7b04fe22dee9f2023-02-07 15:11:13.346root 11241100x8000000000000000695804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c6effaf0d173202023-02-07 15:11:13.346root 11241100x8000000000000000695803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d25de5fe78bf122023-02-07 15:11:13.346root 11241100x8000000000000000695813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37214a88807f72a62023-02-07 15:11:13.347root 11241100x8000000000000000695812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174dd9d5a64df2652023-02-07 15:11:13.347root 11241100x8000000000000000695811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04fc0dad07b488d2023-02-07 15:11:13.347root 11241100x8000000000000000695810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca528006b20c42c2023-02-07 15:11:13.347root 11241100x8000000000000000695822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721b377e8c0341682023-02-07 15:11:13.348root 11241100x8000000000000000695821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eae763423b9a9f12023-02-07 15:11:13.348root 11241100x8000000000000000695820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fab84c42feeb952023-02-07 15:11:13.348root 11241100x8000000000000000695819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a466e31b8a76d9922023-02-07 15:11:13.348root 11241100x8000000000000000695818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ae071611acd7ae2023-02-07 15:11:13.348root 11241100x8000000000000000695817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0b13f27b5c46f22023-02-07 15:11:13.348root 11241100x8000000000000000695816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b8c35eb686fd872023-02-07 15:11:13.348root 11241100x8000000000000000695815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8036b5e22b850ab2023-02-07 15:11:13.348root 11241100x8000000000000000695814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8e3b19be8dfc172023-02-07 15:11:13.348root 11241100x8000000000000000695830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e50ce0ac4bdc8742023-02-07 15:11:13.349root 11241100x8000000000000000695829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa290e8b432a3d702023-02-07 15:11:13.349root 11241100x8000000000000000695828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012c66581824e9382023-02-07 15:11:13.349root 11241100x8000000000000000695827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d88285ba3e2c0352023-02-07 15:11:13.349root 11241100x8000000000000000695826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606d68969fa98ea42023-02-07 15:11:13.349root 11241100x8000000000000000695825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabaaa69a520a1512023-02-07 15:11:13.349root 11241100x8000000000000000695824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48909ac3542ff9c52023-02-07 15:11:13.349root 11241100x8000000000000000695823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a08bdeeb6baa252023-02-07 15:11:13.349root 11241100x8000000000000000695831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebf149f33f227d02023-02-07 15:11:13.350root 11241100x8000000000000000695835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbca23c20278aff2023-02-07 15:11:13.846root 11241100x8000000000000000695834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bb30fefdc9a10c2023-02-07 15:11:13.846root 11241100x8000000000000000695833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f028448c75107c2023-02-07 15:11:13.846root 11241100x8000000000000000695832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28696f95daa2af1d2023-02-07 15:11:13.846root 11241100x8000000000000000695841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2344c9c761eebcfb2023-02-07 15:11:13.847root 11241100x8000000000000000695840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a1e5760a7171562023-02-07 15:11:13.847root 11241100x8000000000000000695839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38e37cef90638492023-02-07 15:11:13.847root 11241100x8000000000000000695838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37317d4d18457ff92023-02-07 15:11:13.847root 11241100x8000000000000000695837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efb92e7be74b4352023-02-07 15:11:13.847root 11241100x8000000000000000695836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958264f813c3cb4a2023-02-07 15:11:13.847root 11241100x8000000000000000695848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d106ddd05edd56802023-02-07 15:11:13.848root 11241100x8000000000000000695847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28d3113513d97e62023-02-07 15:11:13.848root 11241100x8000000000000000695846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51801824a7deaee2023-02-07 15:11:13.848root 11241100x8000000000000000695845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82ec3108b68ef032023-02-07 15:11:13.848root 11241100x8000000000000000695844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b8f28d1f87b7002023-02-07 15:11:13.848root 11241100x8000000000000000695843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4029c7b3977565e2023-02-07 15:11:13.848root 11241100x8000000000000000695842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e04d78dc7bb07792023-02-07 15:11:13.848root 11241100x8000000000000000695858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec313ba9d3df65e2023-02-07 15:11:13.849root 11241100x8000000000000000695857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db7e37544253ec72023-02-07 15:11:13.849root 11241100x8000000000000000695856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04381d1cb5482e232023-02-07 15:11:13.849root 11241100x8000000000000000695855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e128c015a837b32023-02-07 15:11:13.849root 11241100x8000000000000000695854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea55cbf14b4e2e82023-02-07 15:11:13.849root 11241100x8000000000000000695853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629d69ca30daf0f92023-02-07 15:11:13.849root 11241100x8000000000000000695852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70c8f3f858ec9072023-02-07 15:11:13.849root 11241100x8000000000000000695851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e6db123dc0d3ac2023-02-07 15:11:13.849root 11241100x8000000000000000695850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bba9accaae770322023-02-07 15:11:13.849root 11241100x8000000000000000695849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67361703f29c27c82023-02-07 15:11:13.849root 11241100x8000000000000000695860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ce5a3c5d220f142023-02-07 15:11:13.850root 11241100x8000000000000000695859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c31aa40ff50e062023-02-07 15:11:13.850root 354300x8000000000000000695861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.079{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-60856-false10.0.1.12-8000- 11241100x8000000000000000695865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ead2c68ea538a702023-02-07 15:11:14.346root 11241100x8000000000000000695864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf11716bc9be4792023-02-07 15:11:14.346root 11241100x8000000000000000695863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e83da6f36b09e7c2023-02-07 15:11:14.346root 11241100x8000000000000000695862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcdd621492228db2023-02-07 15:11:14.346root 11241100x8000000000000000695873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92930d18092c8ed2023-02-07 15:11:14.347root 11241100x8000000000000000695872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e9b5aa1e817c092023-02-07 15:11:14.347root 11241100x8000000000000000695871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5318b63e89a0d0912023-02-07 15:11:14.347root 11241100x8000000000000000695870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27694b60b50384602023-02-07 15:11:14.347root 11241100x8000000000000000695869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae27e352d890cce2023-02-07 15:11:14.347root 11241100x8000000000000000695868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bd7599bf060ee92023-02-07 15:11:14.347root 11241100x8000000000000000695867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23edbb0577b3e83b2023-02-07 15:11:14.347root 11241100x8000000000000000695866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07ba3920b51d89d2023-02-07 15:11:14.347root 11241100x8000000000000000695880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfecb6d5da007b52023-02-07 15:11:14.348root 11241100x8000000000000000695879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2e476d656ee08f2023-02-07 15:11:14.348root 11241100x8000000000000000695878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151f1187eb437de72023-02-07 15:11:14.348root 11241100x8000000000000000695877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4422032e547839e2023-02-07 15:11:14.348root 11241100x8000000000000000695876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f62aa5a7e20fc942023-02-07 15:11:14.348root 11241100x8000000000000000695875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d616de7ed3ca02bd2023-02-07 15:11:14.348root 11241100x8000000000000000695874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b4947255c870522023-02-07 15:11:14.348root 11241100x8000000000000000695887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88abed39508488642023-02-07 15:11:14.349root 11241100x8000000000000000695886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40201c9397ff69492023-02-07 15:11:14.349root 11241100x8000000000000000695885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea1c509cd42b8ca2023-02-07 15:11:14.349root 11241100x8000000000000000695884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d87807ef72a28972023-02-07 15:11:14.349root 11241100x8000000000000000695883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd363910304faf42023-02-07 15:11:14.349root 11241100x8000000000000000695882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba42ac1b1badcf42023-02-07 15:11:14.349root 11241100x8000000000000000695881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be964cde07498292023-02-07 15:11:14.349root 11241100x8000000000000000695891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728d9155ecb8b7d12023-02-07 15:11:14.350root 11241100x8000000000000000695890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b9dd9257927ebd2023-02-07 15:11:14.350root 11241100x8000000000000000695889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8852346d3b3fa6062023-02-07 15:11:14.350root 11241100x8000000000000000695888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25524691183750a2023-02-07 15:11:14.350root 354300x8000000000000000695892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.532{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-42110-false10.0.1.12-8089- 11241100x8000000000000000695896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b772391ccc41a52023-02-07 15:11:14.846root 11241100x8000000000000000695895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3e83f10e4151302023-02-07 15:11:14.846root 11241100x8000000000000000695894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5871f1c0f432c6d42023-02-07 15:11:14.846root 11241100x8000000000000000695893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d32a8bf6b17047f2023-02-07 15:11:14.846root 11241100x8000000000000000695904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b3f7be03bac2e12023-02-07 15:11:14.847root 11241100x8000000000000000695903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9ac24bbd6e86512023-02-07 15:11:14.847root 11241100x8000000000000000695902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876e18f6043769602023-02-07 15:11:14.847root 11241100x8000000000000000695901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a4494a5b98ac362023-02-07 15:11:14.847root 11241100x8000000000000000695900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee24b59e113f0b42023-02-07 15:11:14.847root 11241100x8000000000000000695899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a652c5b575e01eb2023-02-07 15:11:14.847root 11241100x8000000000000000695898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c25c3e380513782023-02-07 15:11:14.847root 11241100x8000000000000000695897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5492edced81322bb2023-02-07 15:11:14.847root 11241100x8000000000000000695911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a9e52932f529452023-02-07 15:11:14.848root 11241100x8000000000000000695910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8cda033d77471b2023-02-07 15:11:14.848root 11241100x8000000000000000695909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b3b1343bb210bc2023-02-07 15:11:14.848root 11241100x8000000000000000695908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb16afb9ba13bde52023-02-07 15:11:14.848root 11241100x8000000000000000695907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352b6a1cbf1d11e82023-02-07 15:11:14.848root 11241100x8000000000000000695906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b53e610afb569d52023-02-07 15:11:14.848root 11241100x8000000000000000695905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54da098b79672bd52023-02-07 15:11:14.848root 11241100x8000000000000000695918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385d62a98ec4f9f22023-02-07 15:11:14.851root 11241100x8000000000000000695917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aece8f83ac05b1732023-02-07 15:11:14.851root 11241100x8000000000000000695916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb700b58f0357492023-02-07 15:11:14.851root 11241100x8000000000000000695915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d97dfbfcc052442023-02-07 15:11:14.851root 11241100x8000000000000000695914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70f187798ec82b92023-02-07 15:11:14.851root 11241100x8000000000000000695913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d078a32e8f1ddbf32023-02-07 15:11:14.851root 11241100x8000000000000000695912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf78970985035f622023-02-07 15:11:14.851root 11241100x8000000000000000695923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f362f7bb6675452023-02-07 15:11:14.852root 11241100x8000000000000000695922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ed3812e913290f2023-02-07 15:11:14.852root 11241100x8000000000000000695921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b44d6a7a39d06e82023-02-07 15:11:14.852root 11241100x8000000000000000695920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fb262c00906a042023-02-07 15:11:14.852root 11241100x8000000000000000695919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a78eeff3cee80eb2023-02-07 15:11:14.852root 11241100x8000000000000000695925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fc691a75ba5d572023-02-07 15:11:15.346root 11241100x8000000000000000695924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51ee8c4b58a8b7d2023-02-07 15:11:15.346root 11241100x8000000000000000695933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb138ffaf32e4c12023-02-07 15:11:15.347root 11241100x8000000000000000695932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f91eb54c2bec2b2023-02-07 15:11:15.347root 11241100x8000000000000000695931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9a7c3d1afc57c62023-02-07 15:11:15.347root 11241100x8000000000000000695930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3417343ddd1acb062023-02-07 15:11:15.347root 11241100x8000000000000000695929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6fe489239283752023-02-07 15:11:15.347root 11241100x8000000000000000695928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268ebbfb1ac771ca2023-02-07 15:11:15.347root 11241100x8000000000000000695927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02dbfbd245cf37a2023-02-07 15:11:15.347root 11241100x8000000000000000695926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ed89df5c4476fe2023-02-07 15:11:15.347root 11241100x8000000000000000695936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53b8da4cdf32ac32023-02-07 15:11:15.348root 11241100x8000000000000000695935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277380f655ed8a1e2023-02-07 15:11:15.348root 11241100x8000000000000000695934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55ede5ec6f2336e2023-02-07 15:11:15.348root 11241100x8000000000000000695938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a990a210f9099c2023-02-07 15:11:15.349root 11241100x8000000000000000695937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9851668dde4f1ff2023-02-07 15:11:15.349root 11241100x8000000000000000695940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034974c8724383dd2023-02-07 15:11:15.350root 11241100x8000000000000000695939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6782953b10a127c92023-02-07 15:11:15.350root 11241100x8000000000000000695941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bab1b0b5acc9faf2023-02-07 15:11:15.351root 11241100x8000000000000000695942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469e6ba384a5ec6b2023-02-07 15:11:15.352root 11241100x8000000000000000695943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66191c8c7078af42023-02-07 15:11:15.353root 11241100x8000000000000000695944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.354{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e471589f5d8e8f3b2023-02-07 15:11:15.354root 11241100x8000000000000000695946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5bc16c7b2792e92023-02-07 15:11:15.355root 11241100x8000000000000000695945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b285ba87fb34e42023-02-07 15:11:15.355root 11241100x8000000000000000695947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412198a24b1541622023-02-07 15:11:15.356root 11241100x8000000000000000695951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.357{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ea567a40e163d82023-02-07 15:11:15.357root 11241100x8000000000000000695950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.357{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd73b795b02420972023-02-07 15:11:15.357root 11241100x8000000000000000695949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.357{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8212a5cd6fbb51b2023-02-07 15:11:15.357root 11241100x8000000000000000695948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.357{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bd126bb4b7403c2023-02-07 15:11:15.357root 11241100x8000000000000000695953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.358{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84263a17821f2b212023-02-07 15:11:15.358root 11241100x8000000000000000695952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.358{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1fa69346dc10c22023-02-07 15:11:15.358root 11241100x8000000000000000695954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.359{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f69e522e5f73a82023-02-07 15:11:15.359root 11241100x8000000000000000695958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64c42b05008e91d2023-02-07 15:11:15.846root 11241100x8000000000000000695957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b3f33d3eb4d7b72023-02-07 15:11:15.846root 11241100x8000000000000000695956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222416912de4c82e2023-02-07 15:11:15.846root 11241100x8000000000000000695955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcfa9ae8d6e89cd2023-02-07 15:11:15.846root 11241100x8000000000000000695969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10aef9cdba2387f72023-02-07 15:11:15.847root 11241100x8000000000000000695968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de3a95617aab56a2023-02-07 15:11:15.847root 11241100x8000000000000000695967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cf1bdc9abb407a2023-02-07 15:11:15.847root 11241100x8000000000000000695966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33469d672d9bfe82023-02-07 15:11:15.847root 11241100x8000000000000000695965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4a6b49d485b51f2023-02-07 15:11:15.847root 11241100x8000000000000000695964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31463b83717663e22023-02-07 15:11:15.847root 11241100x8000000000000000695963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752f949b67a33d462023-02-07 15:11:15.847root 11241100x8000000000000000695962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42c8cd737ba39e92023-02-07 15:11:15.847root 11241100x8000000000000000695961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bea24722302aec42023-02-07 15:11:15.847root 11241100x8000000000000000695960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f53044a438f2412023-02-07 15:11:15.847root 11241100x8000000000000000695959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c300b787a79386a2023-02-07 15:11:15.847root 11241100x8000000000000000695979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534930e73db26b622023-02-07 15:11:15.848root 11241100x8000000000000000695978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a46945c58fd61f2023-02-07 15:11:15.848root 11241100x8000000000000000695977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d9a6cc1fb072722023-02-07 15:11:15.848root 11241100x8000000000000000695976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc294d071db2314d2023-02-07 15:11:15.848root 11241100x8000000000000000695975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a97e9264c54a89b2023-02-07 15:11:15.848root 11241100x8000000000000000695974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa016abbe1fa825c2023-02-07 15:11:15.848root 11241100x8000000000000000695973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86449c0118042d5f2023-02-07 15:11:15.848root 11241100x8000000000000000695972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c088ecabdf2a2bad2023-02-07 15:11:15.848root 11241100x8000000000000000695971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccd275fccea059a2023-02-07 15:11:15.848root 11241100x8000000000000000695970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483dd043c149e79c2023-02-07 15:11:15.848root 11241100x8000000000000000695985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34922b16d7f4ce82023-02-07 15:11:15.849root 11241100x8000000000000000695984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cbbc4e61a688c42023-02-07 15:11:15.849root 11241100x8000000000000000695983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3adbff3cde11782023-02-07 15:11:15.849root 11241100x8000000000000000695982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac715827e9ba97762023-02-07 15:11:15.849root 11241100x8000000000000000695981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821eef118181a0082023-02-07 15:11:15.849root 11241100x8000000000000000695980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158eed9dc8a7442a2023-02-07 15:11:15.849root 11241100x8000000000000000695988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c872b486f470c22023-02-07 15:11:16.346root 11241100x8000000000000000695987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0808eee39c524a2023-02-07 15:11:16.346root 11241100x8000000000000000695986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb44f46261e12c5a2023-02-07 15:11:16.346root 11241100x8000000000000000695997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e271402c5326c62023-02-07 15:11:16.347root 11241100x8000000000000000695996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4a1d97d7236d812023-02-07 15:11:16.347root 11241100x8000000000000000695995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71589b191e623b232023-02-07 15:11:16.347root 11241100x8000000000000000695994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e4b70277e56e902023-02-07 15:11:16.347root 11241100x8000000000000000695993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d39bbb1d8e050f02023-02-07 15:11:16.347root 11241100x8000000000000000695992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3906ab8a5932d72a2023-02-07 15:11:16.347root 11241100x8000000000000000695991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604f0abbf44c6aea2023-02-07 15:11:16.347root 11241100x8000000000000000695990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6b0a237c0617202023-02-07 15:11:16.347root 11241100x8000000000000000695989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3ab5f1b4c5235a2023-02-07 15:11:16.347root 11241100x8000000000000000696003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9833fa87d70b74d2023-02-07 15:11:16.348root 11241100x8000000000000000696002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f882892b111c6132023-02-07 15:11:16.348root 11241100x8000000000000000696001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e69395937d981b02023-02-07 15:11:16.348root 11241100x8000000000000000696000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de31742f1ceab80e2023-02-07 15:11:16.348root 11241100x8000000000000000695999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1ae8b292ae3d3f2023-02-07 15:11:16.348root 11241100x8000000000000000695998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069bb40d2dc457592023-02-07 15:11:16.348root 11241100x8000000000000000696008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9aff49593a2f52d2023-02-07 15:11:16.349root 11241100x8000000000000000696007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4133128460ca852023-02-07 15:11:16.349root 11241100x8000000000000000696006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403187a167315e4d2023-02-07 15:11:16.349root 11241100x8000000000000000696005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0dacbb0c3730ed2023-02-07 15:11:16.349root 11241100x8000000000000000696004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd08153db483725c2023-02-07 15:11:16.349root 11241100x8000000000000000696011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dbd34d68b7d22e2023-02-07 15:11:16.350root 11241100x8000000000000000696010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e86b8e9fe95faf82023-02-07 15:11:16.350root 11241100x8000000000000000696009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f0e33422a6a7022023-02-07 15:11:16.350root 11241100x8000000000000000696015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dc98e9e52c70bc2023-02-07 15:11:16.351root 11241100x8000000000000000696014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec40d0e2718e42872023-02-07 15:11:16.351root 11241100x8000000000000000696013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805eeda6c42437582023-02-07 15:11:16.351root 11241100x8000000000000000696012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cf910483f74d592023-02-07 15:11:16.351root 11241100x8000000000000000696016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf73c03eff4e181e2023-02-07 15:11:16.352root 11241100x8000000000000000696019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901ddb4c9c0204852023-02-07 15:11:16.846root 11241100x8000000000000000696018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e5cb62f93cfef12023-02-07 15:11:16.846root 11241100x8000000000000000696017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1589d3ee6364271b2023-02-07 15:11:16.846root 11241100x8000000000000000696026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e2bf7ce218c0792023-02-07 15:11:16.847root 11241100x8000000000000000696025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbabead6cdd0a072023-02-07 15:11:16.847root 11241100x8000000000000000696024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c035a5d02b15e422023-02-07 15:11:16.847root 11241100x8000000000000000696023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8830e9986270bb0f2023-02-07 15:11:16.847root 11241100x8000000000000000696022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f8281b0e164e112023-02-07 15:11:16.847root 11241100x8000000000000000696021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c4cbff827ba5392023-02-07 15:11:16.847root 11241100x8000000000000000696020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18d876349bc10e32023-02-07 15:11:16.847root 11241100x8000000000000000696041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c650149e5ff2d62023-02-07 15:11:16.848root 11241100x8000000000000000696040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab44be3861a4164f2023-02-07 15:11:16.848root 11241100x8000000000000000696039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b038ac15796ecb52023-02-07 15:11:16.848root 11241100x8000000000000000696038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b807709cc1d44a2023-02-07 15:11:16.848root 11241100x8000000000000000696037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8441f92eaac69f3f2023-02-07 15:11:16.848root 11241100x8000000000000000696036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5659c9c61f4d436d2023-02-07 15:11:16.848root 11241100x8000000000000000696035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c25ca18472356e2023-02-07 15:11:16.848root 11241100x8000000000000000696034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e8b2444f9155852023-02-07 15:11:16.848root 11241100x8000000000000000696033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f92f5b20cbe539f2023-02-07 15:11:16.848root 11241100x8000000000000000696032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d347bb7dc9fd962023-02-07 15:11:16.848root 11241100x8000000000000000696031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0237304e9abc4be2023-02-07 15:11:16.848root 11241100x8000000000000000696030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fb263252fae6282023-02-07 15:11:16.848root 11241100x8000000000000000696029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086c3a8f608fbe2b2023-02-07 15:11:16.848root 11241100x8000000000000000696028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00a94ad55a5d6dd2023-02-07 15:11:16.848root 11241100x8000000000000000696027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a55a9d5f423e47c2023-02-07 15:11:16.848root 11241100x8000000000000000696047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a858ded23852b0a2023-02-07 15:11:16.849root 11241100x8000000000000000696046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317ced3699dfa6ae2023-02-07 15:11:16.849root 11241100x8000000000000000696045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48926f572c57d0012023-02-07 15:11:16.849root 11241100x8000000000000000696044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5196b353028583c52023-02-07 15:11:16.849root 11241100x8000000000000000696043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95e42b42758a9ea2023-02-07 15:11:16.849root 11241100x8000000000000000696042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b238fab06208f022023-02-07 15:11:16.849root 11241100x8000000000000000696053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5dec74500fe1742023-02-07 15:11:17.346root 11241100x8000000000000000696052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9addb9766d1cf142023-02-07 15:11:17.346root 11241100x8000000000000000696051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbacdbbaed90c8a42023-02-07 15:11:17.346root 11241100x8000000000000000696050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5757c5b3edf94eb62023-02-07 15:11:17.346root 11241100x8000000000000000696049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7963aa89a2265dea2023-02-07 15:11:17.346root 11241100x8000000000000000696048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b721137ef8d2532023-02-07 15:11:17.346root 11241100x8000000000000000696059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee912fde9071bcea2023-02-07 15:11:17.347root 11241100x8000000000000000696058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096c57e5a5abfba22023-02-07 15:11:17.347root 11241100x8000000000000000696057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06522585c083f1c52023-02-07 15:11:17.347root 11241100x8000000000000000696056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115ead1545f8e9ac2023-02-07 15:11:17.347root 11241100x8000000000000000696055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9c8cce0bf4e8bd2023-02-07 15:11:17.347root 11241100x8000000000000000696054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37adcea53183f2f22023-02-07 15:11:17.347root 11241100x8000000000000000696069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15545a7727c4596b2023-02-07 15:11:17.349root 11241100x8000000000000000696068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7512b1ab80f5ed2023-02-07 15:11:17.349root 11241100x8000000000000000696067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d099a226f0484d22023-02-07 15:11:17.349root 11241100x8000000000000000696066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e953d7c3375c12a32023-02-07 15:11:17.349root 11241100x8000000000000000696065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79251809c5a81c0b2023-02-07 15:11:17.349root 11241100x8000000000000000696064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50729e724d07a5122023-02-07 15:11:17.349root 11241100x8000000000000000696063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b4b3a1cd845c4f2023-02-07 15:11:17.349root 11241100x8000000000000000696062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce57960079ce6bd2023-02-07 15:11:17.349root 11241100x8000000000000000696061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7ae3a4b02e4cbd2023-02-07 15:11:17.349root 11241100x8000000000000000696060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4f9b4e4430b4472023-02-07 15:11:17.349root 11241100x8000000000000000696070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54441adb99adf28d2023-02-07 15:11:17.350root 11241100x8000000000000000696078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06348fc2622ada8a2023-02-07 15:11:17.351root 11241100x8000000000000000696077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a07a85c6f76ddd62023-02-07 15:11:17.351root 11241100x8000000000000000696076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2649420da9df3f0b2023-02-07 15:11:17.351root 11241100x8000000000000000696075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47183ae2b21e40152023-02-07 15:11:17.351root 11241100x8000000000000000696074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f47dacd197c9ad2023-02-07 15:11:17.351root 11241100x8000000000000000696073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83aca3b80fff8a342023-02-07 15:11:17.351root 11241100x8000000000000000696072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6f9a1da00748b22023-02-07 15:11:17.351root 11241100x8000000000000000696071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d8399072b4a6092023-02-07 15:11:17.351root 11241100x8000000000000000696082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42d9449fff2dc422023-02-07 15:11:17.846root 11241100x8000000000000000696081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c344faf8153f60f22023-02-07 15:11:17.846root 11241100x8000000000000000696080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdb315be0b2494f2023-02-07 15:11:17.846root 11241100x8000000000000000696079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81361c728579438e2023-02-07 15:11:17.846root 11241100x8000000000000000696088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a027f00afa9890522023-02-07 15:11:17.847root 11241100x8000000000000000696087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e2c91c8dd0a8302023-02-07 15:11:17.847root 11241100x8000000000000000696086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c729589a712da22023-02-07 15:11:17.847root 11241100x8000000000000000696085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef95aab654c34d62023-02-07 15:11:17.847root 11241100x8000000000000000696084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0d4415550c0b2e2023-02-07 15:11:17.847root 11241100x8000000000000000696083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6295cc43334b0fab2023-02-07 15:11:17.847root 11241100x8000000000000000696091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58917fc029fd43162023-02-07 15:11:17.848root 11241100x8000000000000000696090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a773f8060648526d2023-02-07 15:11:17.848root 11241100x8000000000000000696089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce899dfe8b1e0ba42023-02-07 15:11:17.848root 11241100x8000000000000000696093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441fc1b3a17e0e962023-02-07 15:11:17.849root 11241100x8000000000000000696092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2695c84ecd2cc0372023-02-07 15:11:17.849root 11241100x8000000000000000696096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ab07fdd46820182023-02-07 15:11:17.850root 11241100x8000000000000000696095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b935916f32a30fb52023-02-07 15:11:17.850root 11241100x8000000000000000696094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad403df4a50ac842023-02-07 15:11:17.850root 11241100x8000000000000000696104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a15344e04dda7e52023-02-07 15:11:17.851root 11241100x8000000000000000696103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6479e6869a5da0382023-02-07 15:11:17.851root 11241100x8000000000000000696102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd50aac7dbdb1412023-02-07 15:11:17.851root 11241100x8000000000000000696101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7af3f5fc430ebc2023-02-07 15:11:17.851root 11241100x8000000000000000696100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f825e9a5a8ff0ff52023-02-07 15:11:17.851root 11241100x8000000000000000696099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fc571820a8c7c12023-02-07 15:11:17.851root 11241100x8000000000000000696098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74ab28b6ae0c5a52023-02-07 15:11:17.851root 11241100x8000000000000000696097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe3ad2aeba7416a2023-02-07 15:11:17.851root 11241100x8000000000000000696106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e042bb26cd67cfb52023-02-07 15:11:17.852root 11241100x8000000000000000696105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1085a3c28a32f74b2023-02-07 15:11:17.852root 11241100x8000000000000000696107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539268db67b880b72023-02-07 15:11:17.853root 11241100x8000000000000000696109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.854{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2442a727aaa3592023-02-07 15:11:17.854root 11241100x8000000000000000696108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.854{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162ad3c9455b9bbf2023-02-07 15:11:17.854root 11241100x8000000000000000696115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9327cac3e69c8e92023-02-07 15:11:18.346root 11241100x8000000000000000696114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980113cd1fc5a1122023-02-07 15:11:18.346root 11241100x8000000000000000696113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162ce272a78fbbd42023-02-07 15:11:18.346root 11241100x8000000000000000696112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febb6ddcccd79eac2023-02-07 15:11:18.346root 11241100x8000000000000000696111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9076a09519eefd2023-02-07 15:11:18.346root 11241100x8000000000000000696110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b744f0fe4e535ba22023-02-07 15:11:18.346root 11241100x8000000000000000696130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54280b1bdde5238d2023-02-07 15:11:18.347root 11241100x8000000000000000696129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5137e4f4b7781d2023-02-07 15:11:18.347root 11241100x8000000000000000696128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d61c8589730b112023-02-07 15:11:18.347root 11241100x8000000000000000696127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2852266d01b7d56c2023-02-07 15:11:18.347root 11241100x8000000000000000696126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c7c6a3b91b3e9b2023-02-07 15:11:18.347root 11241100x8000000000000000696125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc40ca0a6a972ca2023-02-07 15:11:18.347root 11241100x8000000000000000696124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18167ef1abe6c21f2023-02-07 15:11:18.347root 11241100x8000000000000000696123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd347bbf63e01dc2023-02-07 15:11:18.347root 11241100x8000000000000000696122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0faf7c22f9ca33c52023-02-07 15:11:18.347root 11241100x8000000000000000696121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bb49451cdf62e72023-02-07 15:11:18.347root 11241100x8000000000000000696120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c59cb1fb0d49a82023-02-07 15:11:18.347root 11241100x8000000000000000696119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee249c0d7e2e9fe2023-02-07 15:11:18.347root 11241100x8000000000000000696118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ed0ac5f7eefc1a2023-02-07 15:11:18.347root 11241100x8000000000000000696117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9d6e681596bb4a2023-02-07 15:11:18.347root 11241100x8000000000000000696116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dccdade5d90913f2023-02-07 15:11:18.347root 11241100x8000000000000000696140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76acd33e73b6b652023-02-07 15:11:18.348root 11241100x8000000000000000696139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59e443d1eb57a852023-02-07 15:11:18.348root 11241100x8000000000000000696138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c794709bac89260f2023-02-07 15:11:18.348root 11241100x8000000000000000696137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489bf4d3eb6eeb592023-02-07 15:11:18.348root 11241100x8000000000000000696136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7903b63ce93eab72023-02-07 15:11:18.348root 11241100x8000000000000000696135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa2ae0f48cd32782023-02-07 15:11:18.348root 11241100x8000000000000000696134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457c5f02ea7fde842023-02-07 15:11:18.348root 11241100x8000000000000000696133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70e7bfab6736bfb2023-02-07 15:11:18.348root 11241100x8000000000000000696132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1af612a2e9022a2023-02-07 15:11:18.348root 11241100x8000000000000000696131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70f4336ec466d422023-02-07 15:11:18.348root 11241100x8000000000000000696147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bc040679224c592023-02-07 15:11:18.846root 11241100x8000000000000000696146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4fde98bf322dd72023-02-07 15:11:18.846root 11241100x8000000000000000696145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9021cda01d04f442023-02-07 15:11:18.846root 11241100x8000000000000000696144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28b6c55b4e441ae2023-02-07 15:11:18.846root 11241100x8000000000000000696143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff101d72303e0b32023-02-07 15:11:18.846root 11241100x8000000000000000696142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d71fda7cc94da402023-02-07 15:11:18.846root 11241100x8000000000000000696141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ffe637a41e614d2023-02-07 15:11:18.846root 11241100x8000000000000000696161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3762eee0fa12bfcf2023-02-07 15:11:18.847root 11241100x8000000000000000696160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58210a5bb6771d8f2023-02-07 15:11:18.847root 11241100x8000000000000000696159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9758461cd1b5532023-02-07 15:11:18.847root 11241100x8000000000000000696158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb694ac1de2e53322023-02-07 15:11:18.847root 11241100x8000000000000000696157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c260922b373a1792023-02-07 15:11:18.847root 11241100x8000000000000000696156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532415ceb835418c2023-02-07 15:11:18.847root 11241100x8000000000000000696155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb5b885b00535ac2023-02-07 15:11:18.847root 11241100x8000000000000000696154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1d35bebe73a2fd2023-02-07 15:11:18.847root 11241100x8000000000000000696153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f04f34fff5dd5fb2023-02-07 15:11:18.847root 11241100x8000000000000000696152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec0423a13a7bd272023-02-07 15:11:18.847root 11241100x8000000000000000696151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e656adf98bc9a86e2023-02-07 15:11:18.847root 11241100x8000000000000000696150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa043062c1209002023-02-07 15:11:18.847root 11241100x8000000000000000696149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844f99faa27a941b2023-02-07 15:11:18.847root 11241100x8000000000000000696148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4aef0166b60da32023-02-07 15:11:18.847root 11241100x8000000000000000696171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6098d25aa71cb1d2023-02-07 15:11:18.848root 11241100x8000000000000000696170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f59ab8f8951e2f22023-02-07 15:11:18.848root 11241100x8000000000000000696169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee97c2239e0a6592023-02-07 15:11:18.848root 11241100x8000000000000000696168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d060336d2861142023-02-07 15:11:18.848root 11241100x8000000000000000696167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5f1c79935f4bdc2023-02-07 15:11:18.848root 11241100x8000000000000000696166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c692620c761ea2e92023-02-07 15:11:18.848root 11241100x8000000000000000696165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d031c9477cf7582023-02-07 15:11:18.848root 11241100x8000000000000000696164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e812cd4ad2b31b362023-02-07 15:11:18.848root 11241100x8000000000000000696163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b7bffbfcf89dc32023-02-07 15:11:18.848root 11241100x8000000000000000696162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e47264d841740a2023-02-07 15:11:18.848root 11241100x8000000000000000696180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842463abbe9dccfc2023-02-07 15:11:19.347root 11241100x8000000000000000696179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e209dc838f48396b2023-02-07 15:11:19.347root 11241100x8000000000000000696178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b967e26ebb0d5d2023-02-07 15:11:19.347root 11241100x8000000000000000696177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbf896c4039d0152023-02-07 15:11:19.347root 11241100x8000000000000000696176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5beda6ffa43d89a72023-02-07 15:11:19.347root 11241100x8000000000000000696175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbb7f86e77c7ee32023-02-07 15:11:19.347root 11241100x8000000000000000696174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3118ef41155b5f2023-02-07 15:11:19.347root 11241100x8000000000000000696173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742e064d54ac7d4e2023-02-07 15:11:19.347root 11241100x8000000000000000696172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cb80e4b0794e462023-02-07 15:11:19.347root 11241100x8000000000000000696184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33d3359f964b7ea2023-02-07 15:11:19.348root 11241100x8000000000000000696183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8171ca771c50712d2023-02-07 15:11:19.348root 11241100x8000000000000000696182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba059a3c7d96c422023-02-07 15:11:19.348root 11241100x8000000000000000696181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ff4dd287105a792023-02-07 15:11:19.348root 11241100x8000000000000000696194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e8da7738450d0c2023-02-07 15:11:19.349root 11241100x8000000000000000696193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cc31246fede6022023-02-07 15:11:19.349root 11241100x8000000000000000696192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a770c137dc68ad2023-02-07 15:11:19.349root 11241100x8000000000000000696191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd8cc571019ad5c2023-02-07 15:11:19.349root 11241100x8000000000000000696190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca2d317e719a20e2023-02-07 15:11:19.349root 11241100x8000000000000000696189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d60f7706735b1d52023-02-07 15:11:19.349root 11241100x8000000000000000696188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc514732d9d7de7c2023-02-07 15:11:19.349root 11241100x8000000000000000696187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16ce576537072152023-02-07 15:11:19.349root 11241100x8000000000000000696186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7596816db242a22023-02-07 15:11:19.349root 11241100x8000000000000000696185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e46d00d7caa08d52023-02-07 15:11:19.349root 11241100x8000000000000000696202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e032a1eee790c622023-02-07 15:11:19.350root 11241100x8000000000000000696201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdb9d764891c7e42023-02-07 15:11:19.350root 11241100x8000000000000000696200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c6525301ef01a02023-02-07 15:11:19.350root 11241100x8000000000000000696199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f500829136e7e02023-02-07 15:11:19.350root 11241100x8000000000000000696198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de856519161f11042023-02-07 15:11:19.350root 11241100x8000000000000000696197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fb155b9594ac5a2023-02-07 15:11:19.350root 11241100x8000000000000000696196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561149c1cd804dd82023-02-07 15:11:19.350root 11241100x8000000000000000696195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d21e82f377e0472023-02-07 15:11:19.350root 11241100x8000000000000000696207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02109cab8880f13b2023-02-07 15:11:19.846root 11241100x8000000000000000696206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aacd3636160df342023-02-07 15:11:19.846root 11241100x8000000000000000696205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e10b676a935f4c02023-02-07 15:11:19.846root 11241100x8000000000000000696204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7bfbfb0e34bae52023-02-07 15:11:19.846root 11241100x8000000000000000696203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa48616e7578bdf52023-02-07 15:11:19.846root 11241100x8000000000000000696212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da25d5d532db7562023-02-07 15:11:19.847root 11241100x8000000000000000696211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7a512f1c91ad1d2023-02-07 15:11:19.847root 11241100x8000000000000000696210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6426b3d9db5025a42023-02-07 15:11:19.847root 11241100x8000000000000000696209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d5e7befc516bbc2023-02-07 15:11:19.847root 11241100x8000000000000000696208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0dcea8be8d5d332023-02-07 15:11:19.847root 11241100x8000000000000000696221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79bda5c2e09de342023-02-07 15:11:19.848root 11241100x8000000000000000696220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295c3a4ac730162a2023-02-07 15:11:19.848root 11241100x8000000000000000696219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49358d878030c0c2023-02-07 15:11:19.848root 11241100x8000000000000000696218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb1e85cbbda1f9e2023-02-07 15:11:19.848root 11241100x8000000000000000696217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71b773d2bef38032023-02-07 15:11:19.848root 11241100x8000000000000000696216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd8f612f3f9c0e12023-02-07 15:11:19.848root 11241100x8000000000000000696215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b20120d71a4a7122023-02-07 15:11:19.848root 11241100x8000000000000000696214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f28890fb95d9fa2023-02-07 15:11:19.848root 11241100x8000000000000000696213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8417f78a777eee12023-02-07 15:11:19.848root 11241100x8000000000000000696229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645713dcdb65553c2023-02-07 15:11:19.849root 11241100x8000000000000000696228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8e85025e5d35622023-02-07 15:11:19.849root 11241100x8000000000000000696227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464e12ae970381502023-02-07 15:11:19.849root 11241100x8000000000000000696226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f631915026aa3112023-02-07 15:11:19.849root 11241100x8000000000000000696225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323dfac6a9de4ba32023-02-07 15:11:19.849root 11241100x8000000000000000696224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77efb32b27f853112023-02-07 15:11:19.849root 11241100x8000000000000000696223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c953f2b4cb3dd4ef2023-02-07 15:11:19.849root 11241100x8000000000000000696222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72055311c1921222023-02-07 15:11:19.849root 11241100x8000000000000000696233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba643d1c9a28c2e2023-02-07 15:11:19.850root 11241100x8000000000000000696232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2243447f9b15da2023-02-07 15:11:19.850root 11241100x8000000000000000696231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ba317193ddfec92023-02-07 15:11:19.850root 11241100x8000000000000000696230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b36242bb69880c02023-02-07 15:11:19.850root 354300x8000000000000000696234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.068{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-46476-false10.0.1.12-8000- 11241100x8000000000000000696239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dceab060440f1052023-02-07 15:11:20.346root 11241100x8000000000000000696238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16edc2c23bfa7c582023-02-07 15:11:20.346root 11241100x8000000000000000696237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a9297e5aa6d89d2023-02-07 15:11:20.346root 11241100x8000000000000000696236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbeab710b703a2a2023-02-07 15:11:20.346root 11241100x8000000000000000696235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ab29c99117bb742023-02-07 15:11:20.346root 11241100x8000000000000000696246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b023a5ab9490fd2023-02-07 15:11:20.347root 11241100x8000000000000000696245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd11dcb4ab61eed92023-02-07 15:11:20.347root 11241100x8000000000000000696244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2052ffd52d4cc89b2023-02-07 15:11:20.347root 11241100x8000000000000000696243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c0a15f277835c52023-02-07 15:11:20.347root 11241100x8000000000000000696242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51264d7f4795a1f2023-02-07 15:11:20.347root 11241100x8000000000000000696241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f52c3b6c37e90912023-02-07 15:11:20.347root 11241100x8000000000000000696240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39612759853a3e352023-02-07 15:11:20.347root 11241100x8000000000000000696255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6736f49c42d6fa5c2023-02-07 15:11:20.348root 11241100x8000000000000000696254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d57920d3bef32322023-02-07 15:11:20.348root 11241100x8000000000000000696253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cd128be100256f2023-02-07 15:11:20.348root 11241100x8000000000000000696252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63fdb4e40f8e99e2023-02-07 15:11:20.348root 11241100x8000000000000000696251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0684941892a3dfb82023-02-07 15:11:20.348root 11241100x8000000000000000696250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a4ba1de1b3ce832023-02-07 15:11:20.348root 11241100x8000000000000000696249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bb01d86ad3782f2023-02-07 15:11:20.348root 11241100x8000000000000000696248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87831d667cf774f62023-02-07 15:11:20.348root 11241100x8000000000000000696247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4ca2b2bab37c8a2023-02-07 15:11:20.348root 11241100x8000000000000000696257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545b9a788fe4256e2023-02-07 15:11:20.349root 11241100x8000000000000000696256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb38cd03cd602bf2023-02-07 15:11:20.349root 11241100x8000000000000000696266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f30be05619e034e2023-02-07 15:11:20.351root 11241100x8000000000000000696265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cd3ce86390973e2023-02-07 15:11:20.351root 11241100x8000000000000000696264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50d2615ae6c72a02023-02-07 15:11:20.351root 11241100x8000000000000000696263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cc2f6e7b522ff22023-02-07 15:11:20.351root 11241100x8000000000000000696262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9d042a871ab70a2023-02-07 15:11:20.351root 11241100x8000000000000000696261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc7ba55c78441c62023-02-07 15:11:20.351root 11241100x8000000000000000696260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a12ad5214d424512023-02-07 15:11:20.351root 11241100x8000000000000000696259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2015f5566c9e90182023-02-07 15:11:20.351root 11241100x8000000000000000696258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298911d3e5c7374f2023-02-07 15:11:20.351root 11241100x8000000000000000696271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0997ce44c9f81ab2023-02-07 15:11:20.846root 11241100x8000000000000000696270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af2983baa6b107e2023-02-07 15:11:20.846root 11241100x8000000000000000696269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb452372ac362d172023-02-07 15:11:20.846root 11241100x8000000000000000696268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3a1e345a2490b42023-02-07 15:11:20.846root 11241100x8000000000000000696267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365878cd9c788dcc2023-02-07 15:11:20.846root 11241100x8000000000000000696275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e81d030d7b0a67f2023-02-07 15:11:20.849root 11241100x8000000000000000696274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca2c13b01ce5b962023-02-07 15:11:20.849root 11241100x8000000000000000696273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fa77cbe53bf42a2023-02-07 15:11:20.849root 11241100x8000000000000000696272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9ed05b4e6eae802023-02-07 15:11:20.849root 11241100x8000000000000000696283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c29d696b71268722023-02-07 15:11:20.850root 11241100x8000000000000000696282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613763953c0f91052023-02-07 15:11:20.850root 11241100x8000000000000000696281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df65b31f1eadc5b62023-02-07 15:11:20.850root 11241100x8000000000000000696280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3d226736aaf8722023-02-07 15:11:20.850root 11241100x8000000000000000696279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733b0692da13849d2023-02-07 15:11:20.850root 11241100x8000000000000000696278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3345d4887a248fd72023-02-07 15:11:20.850root 11241100x8000000000000000696277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee6bf4d30edfb822023-02-07 15:11:20.850root 11241100x8000000000000000696276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc1b849c57325d32023-02-07 15:11:20.850root 11241100x8000000000000000696298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382e0e5579a2b4502023-02-07 15:11:20.851root 11241100x8000000000000000696297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f8b2fbbc6a22b72023-02-07 15:11:20.851root 11241100x8000000000000000696296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243fb1806e8d44d32023-02-07 15:11:20.851root 11241100x8000000000000000696295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c419542846e6b9372023-02-07 15:11:20.851root 11241100x8000000000000000696294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5c0833c3a76ae52023-02-07 15:11:20.851root 11241100x8000000000000000696293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8057db7eb80e68ac2023-02-07 15:11:20.851root 11241100x8000000000000000696292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cd3d02860d3d672023-02-07 15:11:20.851root 11241100x8000000000000000696291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398a847a33350f322023-02-07 15:11:20.851root 11241100x8000000000000000696290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60351408db578642023-02-07 15:11:20.851root 11241100x8000000000000000696289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4870dac8544018d72023-02-07 15:11:20.851root 11241100x8000000000000000696288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7456470100ad96c2023-02-07 15:11:20.851root 11241100x8000000000000000696287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818d79dadf0723dd2023-02-07 15:11:20.851root 11241100x8000000000000000696286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59d7282a0fd16872023-02-07 15:11:20.851root 11241100x8000000000000000696285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981c8ebba50f23ad2023-02-07 15:11:20.851root 11241100x8000000000000000696284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506341385fed63822023-02-07 15:11:20.851root 11241100x8000000000000000696303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbb34ba05c01a7c2023-02-07 15:11:21.346root 11241100x8000000000000000696302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07343c38c17c3362023-02-07 15:11:21.346root 11241100x8000000000000000696301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cdbc380cf321f32023-02-07 15:11:21.346root 11241100x8000000000000000696300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541f7945f6d4e9b72023-02-07 15:11:21.346root 11241100x8000000000000000696299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eba25593f0855382023-02-07 15:11:21.346root 11241100x8000000000000000696311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47abe1c075a1a6262023-02-07 15:11:21.347root 11241100x8000000000000000696310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d93bc55d7d1d2442023-02-07 15:11:21.347root 11241100x8000000000000000696309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d280ce22b437c7c92023-02-07 15:11:21.347root 11241100x8000000000000000696308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5498a12d6e608b642023-02-07 15:11:21.347root 11241100x8000000000000000696307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4428b0189b98e642023-02-07 15:11:21.347root 11241100x8000000000000000696306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51f3394e24fe8122023-02-07 15:11:21.347root 11241100x8000000000000000696305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93d31d0cc1a5ba72023-02-07 15:11:21.347root 11241100x8000000000000000696304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b601e3479ade9122023-02-07 15:11:21.347root 11241100x8000000000000000696313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af170358e23596792023-02-07 15:11:21.348root 11241100x8000000000000000696312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bff2cd12a5b5b52023-02-07 15:11:21.348root 11241100x8000000000000000696317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9178bc309c8d586c2023-02-07 15:11:21.351root 11241100x8000000000000000696316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c9e0e9c069b71f2023-02-07 15:11:21.351root 11241100x8000000000000000696315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60c72e8022454f32023-02-07 15:11:21.351root 11241100x8000000000000000696314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa5a735498e1a6c2023-02-07 15:11:21.351root 11241100x8000000000000000696326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0977252bd4eda34d2023-02-07 15:11:21.352root 11241100x8000000000000000696325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ea21922890cd962023-02-07 15:11:21.352root 11241100x8000000000000000696324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036491c525c4b84a2023-02-07 15:11:21.352root 11241100x8000000000000000696323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3074d72a17635c62023-02-07 15:11:21.352root 11241100x8000000000000000696322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59572e882b4ff7da2023-02-07 15:11:21.352root 11241100x8000000000000000696321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea883cc9c1f55db42023-02-07 15:11:21.352root 11241100x8000000000000000696320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4a4d77cf7599992023-02-07 15:11:21.352root 11241100x8000000000000000696319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1963b5ff2868b5f2023-02-07 15:11:21.352root 11241100x8000000000000000696318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d859f71bb0256b32023-02-07 15:11:21.352root 11241100x8000000000000000696330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850724d6c62118c42023-02-07 15:11:21.353root 11241100x8000000000000000696329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226ebc2bf9d43ae42023-02-07 15:11:21.353root 11241100x8000000000000000696328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4815e46367a6aa992023-02-07 15:11:21.353root 11241100x8000000000000000696327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39fa5c61374f6682023-02-07 15:11:21.353root 11241100x8000000000000000696334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bbf176eadbac292023-02-07 15:11:21.846root 11241100x8000000000000000696333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5f830210f73fc22023-02-07 15:11:21.846root 11241100x8000000000000000696332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8609dc09cc0f472023-02-07 15:11:21.846root 11241100x8000000000000000696331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37cb86a5edd11e32023-02-07 15:11:21.846root 11241100x8000000000000000696342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd97119dc53c1ce2023-02-07 15:11:21.847root 11241100x8000000000000000696341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9427095c1877babb2023-02-07 15:11:21.847root 11241100x8000000000000000696340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba50176df9912c472023-02-07 15:11:21.847root 11241100x8000000000000000696339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcfb209dddd4a412023-02-07 15:11:21.847root 11241100x8000000000000000696338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537e0087fe244c432023-02-07 15:11:21.847root 11241100x8000000000000000696337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358f287ed071bc222023-02-07 15:11:21.847root 11241100x8000000000000000696336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0766367a9bdddf182023-02-07 15:11:21.847root 11241100x8000000000000000696335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bfe4520bc19a2d2023-02-07 15:11:21.847root 11241100x8000000000000000696347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1910bf05e2fe20102023-02-07 15:11:21.851root 11241100x8000000000000000696346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dc9d6d0138ee5b2023-02-07 15:11:21.851root 11241100x8000000000000000696345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab3c6bff73f214b2023-02-07 15:11:21.851root 11241100x8000000000000000696344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5595f8c2c231ef612023-02-07 15:11:21.851root 11241100x8000000000000000696343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b7c3c292f03b782023-02-07 15:11:21.851root 11241100x8000000000000000696355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ce9e0ffbabe37c2023-02-07 15:11:21.852root 11241100x8000000000000000696354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935488cbfad606792023-02-07 15:11:21.852root 11241100x8000000000000000696353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3b4d5b8bf5ffb82023-02-07 15:11:21.852root 11241100x8000000000000000696352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d413bdcec224e7922023-02-07 15:11:21.852root 11241100x8000000000000000696351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d01c29b42ec757a2023-02-07 15:11:21.852root 11241100x8000000000000000696350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621e5014d400d59a2023-02-07 15:11:21.852root 11241100x8000000000000000696349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e7d98bee0cd6392023-02-07 15:11:21.852root 11241100x8000000000000000696348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220b3b0a97c0961f2023-02-07 15:11:21.852root 11241100x8000000000000000696362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddccc042306de052023-02-07 15:11:21.853root 11241100x8000000000000000696361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9efee5753d1b21f2023-02-07 15:11:21.853root 11241100x8000000000000000696360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57f70278f05f2772023-02-07 15:11:21.853root 11241100x8000000000000000696359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2083027425034a12023-02-07 15:11:21.853root 11241100x8000000000000000696358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8bddf4d2e9b3752023-02-07 15:11:21.853root 11241100x8000000000000000696357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5f03f4e7e322252023-02-07 15:11:21.853root 11241100x8000000000000000696356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c796bbf6821a13f52023-02-07 15:11:21.853root 11241100x8000000000000000696365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a3e8af4bfd699f2023-02-07 15:11:22.346root 11241100x8000000000000000696364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4704c66b996b318d2023-02-07 15:11:22.346root 11241100x8000000000000000696363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48c7deddbff492a2023-02-07 15:11:22.346root 11241100x8000000000000000696374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0938b6ef6525a82f2023-02-07 15:11:22.347root 11241100x8000000000000000696373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1981a0db3ba8b1872023-02-07 15:11:22.347root 11241100x8000000000000000696372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f428a59f4beee12023-02-07 15:11:22.347root 11241100x8000000000000000696371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4ca6fab5fb95a82023-02-07 15:11:22.347root 11241100x8000000000000000696370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a77a8b0d755fde42023-02-07 15:11:22.347root 11241100x8000000000000000696369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8812b6b961e18dc42023-02-07 15:11:22.347root 11241100x8000000000000000696368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a383b4344740c92023-02-07 15:11:22.347root 11241100x8000000000000000696367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab158f001cf5a6c2023-02-07 15:11:22.347root 11241100x8000000000000000696366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28666b1709de495b2023-02-07 15:11:22.347root 11241100x8000000000000000696378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10056fc731e6c8862023-02-07 15:11:22.348root 11241100x8000000000000000696377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ff3064f83b9c142023-02-07 15:11:22.348root 11241100x8000000000000000696376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7964eb51f74e8efa2023-02-07 15:11:22.348root 11241100x8000000000000000696375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d295681baf5454fb2023-02-07 15:11:22.348root 11241100x8000000000000000696380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71150ec5c5bb5c62023-02-07 15:11:22.349root 11241100x8000000000000000696379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1c0292892da9612023-02-07 15:11:22.349root 11241100x8000000000000000696381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b4a9405820948c2023-02-07 15:11:22.350root 11241100x8000000000000000696387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe076ff66e0780d2023-02-07 15:11:22.351root 11241100x8000000000000000696386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7609bd7078774b2023-02-07 15:11:22.351root 11241100x8000000000000000696385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ee5aaa2e0c31632023-02-07 15:11:22.351root 11241100x8000000000000000696384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e4f317f6918b822023-02-07 15:11:22.351root 11241100x8000000000000000696383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d855ed0d8bcd822023-02-07 15:11:22.351root 11241100x8000000000000000696382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769608704813c9a22023-02-07 15:11:22.351root 11241100x8000000000000000696394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3ab03dc67a26fb2023-02-07 15:11:22.352root 11241100x8000000000000000696393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f3855f591c91fd2023-02-07 15:11:22.352root 11241100x8000000000000000696392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d200048be4d6d1282023-02-07 15:11:22.352root 11241100x8000000000000000696391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8cc0b79626c05d2023-02-07 15:11:22.352root 11241100x8000000000000000696390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb477c7fa8c7fc2b2023-02-07 15:11:22.352root 11241100x8000000000000000696389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004a60ede399d2632023-02-07 15:11:22.352root 11241100x8000000000000000696388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea94d3cdaed83d292023-02-07 15:11:22.352root 11241100x8000000000000000696401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f88116b069bb7d62023-02-07 15:11:22.845root 11241100x8000000000000000696400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09bf44fe51130d62023-02-07 15:11:22.845root 11241100x8000000000000000696399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bd1c44428401e92023-02-07 15:11:22.845root 11241100x8000000000000000696398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2e0fb55d589b862023-02-07 15:11:22.845root 11241100x8000000000000000696397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd56f1660198cbf2023-02-07 15:11:22.845root 11241100x8000000000000000696396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b3ac948960455d2023-02-07 15:11:22.845root 11241100x8000000000000000696395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1d7957ae0b01d62023-02-07 15:11:22.845root 11241100x8000000000000000696416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ac48080d3343e82023-02-07 15:11:22.846root 11241100x8000000000000000696415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea00e21fea74dad32023-02-07 15:11:22.846root 11241100x8000000000000000696414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8726783eb81f0ede2023-02-07 15:11:22.846root 11241100x8000000000000000696413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87a3dcf82aebf4c2023-02-07 15:11:22.846root 11241100x8000000000000000696412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcffdc26531aad412023-02-07 15:11:22.846root 11241100x8000000000000000696411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8fa930cf52c8382023-02-07 15:11:22.846root 11241100x8000000000000000696410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff099f0861fa11d2023-02-07 15:11:22.846root 11241100x8000000000000000696409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6439644a4460cb8d2023-02-07 15:11:22.846root 11241100x8000000000000000696408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db59c22038d6ab12023-02-07 15:11:22.846root 11241100x8000000000000000696407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad255ca73179d7c2023-02-07 15:11:22.846root 11241100x8000000000000000696406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43019aac4e5e896f2023-02-07 15:11:22.846root 11241100x8000000000000000696405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c22b5692f4bbbe2023-02-07 15:11:22.846root 11241100x8000000000000000696404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cdaea8ad79d9ab2023-02-07 15:11:22.846root 11241100x8000000000000000696403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e7da226fd84eb52023-02-07 15:11:22.846root 11241100x8000000000000000696402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e826343baf014692023-02-07 15:11:22.846root 11241100x8000000000000000696424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecefa2dd06a42402023-02-07 15:11:22.847root 11241100x8000000000000000696423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222dc83e6ba598c42023-02-07 15:11:22.847root 11241100x8000000000000000696422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca7f1d9503155742023-02-07 15:11:22.847root 11241100x8000000000000000696421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749abbfdfd40de4d2023-02-07 15:11:22.847root 11241100x8000000000000000696420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b24a281d67a73d12023-02-07 15:11:22.847root 11241100x8000000000000000696419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e927a8ca3ae22d2023-02-07 15:11:22.847root 11241100x8000000000000000696418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94ffbcfd0547de62023-02-07 15:11:22.847root 11241100x8000000000000000696417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58e2e9456a5d1eb2023-02-07 15:11:22.847root 11241100x8000000000000000696426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbeb4e979c7a91b2023-02-07 15:11:22.848root 11241100x8000000000000000696425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58172415840b60022023-02-07 15:11:22.848root 534500x8000000000000000696427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.893{ec244aba-3071-63e2-c83a-8af647560000}483/lib/systemd/systemd-journaldroot 11241100x8000000000000000696431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2f0b6ccb2b6f6c2023-02-07 15:11:23.348root 11241100x8000000000000000696430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d104e470a0c31ff2023-02-07 15:11:23.348root 11241100x8000000000000000696429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a25ddd317ff99b2023-02-07 15:11:23.348root 11241100x8000000000000000696428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfdfa8fd1f543b02023-02-07 15:11:23.348root 11241100x8000000000000000696443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2930e46eb98f17c2023-02-07 15:11:23.349root 11241100x8000000000000000696442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e98e60fad2f6802023-02-07 15:11:23.349root 11241100x8000000000000000696441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e77db8135e509b2023-02-07 15:11:23.349root 11241100x8000000000000000696440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753a9017f59ee0452023-02-07 15:11:23.349root 11241100x8000000000000000696439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41ce75e7b4f09a72023-02-07 15:11:23.349root 11241100x8000000000000000696438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bc0eb088e9939b2023-02-07 15:11:23.349root 11241100x8000000000000000696437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710ff2aa730c439b2023-02-07 15:11:23.349root 11241100x8000000000000000696436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb1299a8571d47d2023-02-07 15:11:23.349root 11241100x8000000000000000696435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e19711e742a5a7e2023-02-07 15:11:23.349root 11241100x8000000000000000696434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a2551010982c9d2023-02-07 15:11:23.349root 11241100x8000000000000000696433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ffa9d5dc757bed2023-02-07 15:11:23.349root 11241100x8000000000000000696432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80a260d681b16152023-02-07 15:11:23.349root 11241100x8000000000000000696454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc93e3a2de041b72023-02-07 15:11:23.350root 11241100x8000000000000000696453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31638478634d23942023-02-07 15:11:23.350root 11241100x8000000000000000696452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a082edb827e29872023-02-07 15:11:23.350root 11241100x8000000000000000696451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674d54187513794a2023-02-07 15:11:23.350root 11241100x8000000000000000696450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433d7152fe339c8f2023-02-07 15:11:23.350root 11241100x8000000000000000696449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d854272e7d1b582023-02-07 15:11:23.350root 11241100x8000000000000000696448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710b8494ab0e52072023-02-07 15:11:23.350root 11241100x8000000000000000696447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4ba03e7e9cf1c32023-02-07 15:11:23.350root 11241100x8000000000000000696446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c134eae52d8abc2e2023-02-07 15:11:23.350root 11241100x8000000000000000696445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b93dc67a58d5b652023-02-07 15:11:23.350root 11241100x8000000000000000696444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493b768345b49fc12023-02-07 15:11:23.350root 11241100x8000000000000000696460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060421f0698199de2023-02-07 15:11:23.351root 11241100x8000000000000000696459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1121ba2b43fbf72023-02-07 15:11:23.351root 11241100x8000000000000000696458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07981db49de538352023-02-07 15:11:23.351root 11241100x8000000000000000696457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9094d33a2311b7482023-02-07 15:11:23.351root 11241100x8000000000000000696456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb8af988aefacc62023-02-07 15:11:23.351root 11241100x8000000000000000696455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ebae255f12975f2023-02-07 15:11:23.351root 11241100x8000000000000000696461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28091624d0f022f2023-02-07 15:11:23.846root 11241100x8000000000000000696466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fe23e2ad92fce92023-02-07 15:11:23.847root 11241100x8000000000000000696465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc25a4066c21f44b2023-02-07 15:11:23.847root 11241100x8000000000000000696464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486ee9bdaec853d32023-02-07 15:11:23.847root 11241100x8000000000000000696463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ed0821c72193172023-02-07 15:11:23.847root 11241100x8000000000000000696462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37f91aacbc7ae412023-02-07 15:11:23.847root 11241100x8000000000000000696470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ddd25a67c7131e2023-02-07 15:11:23.848root 11241100x8000000000000000696469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712618049e2455f42023-02-07 15:11:23.848root 11241100x8000000000000000696468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb69719064c1e242023-02-07 15:11:23.848root 11241100x8000000000000000696467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7aaa42c082eefd2023-02-07 15:11:23.848root 11241100x8000000000000000696473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac14707ca06e3322023-02-07 15:11:23.849root 11241100x8000000000000000696472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0af30ce7beaa8392023-02-07 15:11:23.849root 11241100x8000000000000000696471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7e355bf148372f2023-02-07 15:11:23.849root 11241100x8000000000000000696475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcaf8eb4608641e2023-02-07 15:11:23.850root 11241100x8000000000000000696474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff608408642c03cd2023-02-07 15:11:23.850root 11241100x8000000000000000696476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.854{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ed8ae56bd700df2023-02-07 15:11:23.854root 11241100x8000000000000000696477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.855{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44a847bc67beb7e2023-02-07 15:11:23.855root 11241100x8000000000000000696478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.857{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819f3b3ef38cc23c2023-02-07 15:11:23.857root 11241100x8000000000000000696487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378cfb400e698f462023-02-07 15:11:23.858root 11241100x8000000000000000696486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0675a1a93df5a9d42023-02-07 15:11:23.858root 11241100x8000000000000000696485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8672039e250dc22023-02-07 15:11:23.858root 11241100x8000000000000000696484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc715200060471b2023-02-07 15:11:23.858root 11241100x8000000000000000696483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77c8a2203745d272023-02-07 15:11:23.858root 11241100x8000000000000000696482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12f9dee65e0b33f2023-02-07 15:11:23.858root 11241100x8000000000000000696481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ac02a9f265adf22023-02-07 15:11:23.858root 11241100x8000000000000000696480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8feff5c95949a8c12023-02-07 15:11:23.858root 11241100x8000000000000000696479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee026b9e559919602023-02-07 15:11:23.858root 11241100x8000000000000000696489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5d24ec5722a52b2023-02-07 15:11:23.859root 11241100x8000000000000000696488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3a2de5fda877ec2023-02-07 15:11:23.859root 11241100x8000000000000000696491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.860{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fe44200a37cce42023-02-07 15:11:23.860root 11241100x8000000000000000696490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.860{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044c55cce278b9052023-02-07 15:11:23.860root 11241100x8000000000000000696493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.861{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e2ea638289c1022023-02-07 15:11:23.861root 11241100x8000000000000000696492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.861{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe262e731bdac722023-02-07 15:11:23.861root 11241100x8000000000000000696498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf0b73dc597f1bc2023-02-07 15:11:24.346root 11241100x8000000000000000696497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5010424005c9512023-02-07 15:11:24.346root 11241100x8000000000000000696496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edbb6d52b3a09742023-02-07 15:11:24.346root 11241100x8000000000000000696495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6558766a298b6d2e2023-02-07 15:11:24.346root 11241100x8000000000000000696494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10c9cfa6af7b1c12023-02-07 15:11:24.346root 11241100x8000000000000000696507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b361621f2a6c1e2023-02-07 15:11:24.347root 11241100x8000000000000000696506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f6f818833ab2a52023-02-07 15:11:24.347root 11241100x8000000000000000696505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b385e9632340672023-02-07 15:11:24.347root 11241100x8000000000000000696504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aae9d9a1aa17ff2023-02-07 15:11:24.347root 11241100x8000000000000000696503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7408ec19c5fbad2023-02-07 15:11:24.347root 11241100x8000000000000000696502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2235b339627e563c2023-02-07 15:11:24.347root 11241100x8000000000000000696501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7296f92997c3825d2023-02-07 15:11:24.347root 11241100x8000000000000000696500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af612c144b8a61f52023-02-07 15:11:24.347root 11241100x8000000000000000696499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e24e744fb5407002023-02-07 15:11:24.347root 11241100x8000000000000000696508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd22c9ec4780b392023-02-07 15:11:24.348root 11241100x8000000000000000696514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cef38d721318e62023-02-07 15:11:24.349root 11241100x8000000000000000696513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62c0a7d0a95a74f2023-02-07 15:11:24.349root 11241100x8000000000000000696512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5479b5d48bfabb72023-02-07 15:11:24.349root 11241100x8000000000000000696511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d33b5890892f662023-02-07 15:11:24.349root 11241100x8000000000000000696510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ca9b058f8bcad52023-02-07 15:11:24.349root 11241100x8000000000000000696509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066afbb5f1d188152023-02-07 15:11:24.349root 11241100x8000000000000000696526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9beaa78017239772023-02-07 15:11:24.350root 11241100x8000000000000000696525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cbdd4aabbd89172023-02-07 15:11:24.350root 11241100x8000000000000000696524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fb7397ba5ab2c22023-02-07 15:11:24.350root 11241100x8000000000000000696523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa614067268429ff2023-02-07 15:11:24.350root 11241100x8000000000000000696522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9e63a4bd820ab22023-02-07 15:11:24.350root 11241100x8000000000000000696521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa05e5809870bb82023-02-07 15:11:24.350root 11241100x8000000000000000696520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6fb099a069a8bf2023-02-07 15:11:24.350root 11241100x8000000000000000696519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad229f2a995c51e2023-02-07 15:11:24.350root 11241100x8000000000000000696518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ac3eccaae6ba5d2023-02-07 15:11:24.350root 11241100x8000000000000000696517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3eaf4a668a969c2023-02-07 15:11:24.350root 11241100x8000000000000000696516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ada76e4b11567492023-02-07 15:11:24.350root 11241100x8000000000000000696515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba94ea103ac0fdc2023-02-07 15:11:24.350root 11241100x8000000000000000696527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.731{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:11:24.731root 11241100x8000000000000000696536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1dd79b639197122023-02-07 15:11:24.732root 11241100x8000000000000000696535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1530647b715e0ad2023-02-07 15:11:24.732root 11241100x8000000000000000696534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3045f07e323a7682023-02-07 15:11:24.732root 11241100x8000000000000000696533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9d2f758377096d2023-02-07 15:11:24.732root 11241100x8000000000000000696532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e410afc5df43f8b12023-02-07 15:11:24.732root 11241100x8000000000000000696531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffea8d6d474a4ab62023-02-07 15:11:24.732root 11241100x8000000000000000696530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0632d0a9613141322023-02-07 15:11:24.732root 11241100x8000000000000000696529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c7d58fa546cb522023-02-07 15:11:24.732root 11241100x8000000000000000696528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074c21e4cb16790b2023-02-07 15:11:24.732root 11241100x8000000000000000696547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f8e1669f3828132023-02-07 15:11:24.733root 11241100x8000000000000000696546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab77906bcb868f372023-02-07 15:11:24.733root 11241100x8000000000000000696545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a672c90f484ba4a42023-02-07 15:11:24.733root 11241100x8000000000000000696544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cfb28da6eb54d52023-02-07 15:11:24.733root 11241100x8000000000000000696543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ed987c2a0e5c1e2023-02-07 15:11:24.733root 11241100x8000000000000000696542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fcf6f2832a67752023-02-07 15:11:24.733root 11241100x8000000000000000696541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abcb8c4e3cc977e2023-02-07 15:11:24.733root 11241100x8000000000000000696540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfcf98ef79e368c2023-02-07 15:11:24.733root 11241100x8000000000000000696539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24acb07ba4154652023-02-07 15:11:24.733root 11241100x8000000000000000696538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50329eb37482de4b2023-02-07 15:11:24.733root 11241100x8000000000000000696537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e185439948be3ada2023-02-07 15:11:24.733root 11241100x8000000000000000696557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7082da18cb02122023-02-07 15:11:24.734root 11241100x8000000000000000696556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cad564aa02e110f2023-02-07 15:11:24.734root 11241100x8000000000000000696555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f901b85ad74e16a62023-02-07 15:11:24.734root 11241100x8000000000000000696554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49493f3a15cc673e2023-02-07 15:11:24.734root 11241100x8000000000000000696553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab885c2b21d562c22023-02-07 15:11:24.734root 11241100x8000000000000000696552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9a23b16695a5262023-02-07 15:11:24.734root 11241100x8000000000000000696551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce825c54b0bd98112023-02-07 15:11:24.734root 11241100x8000000000000000696550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725845bd642155392023-02-07 15:11:24.734root 11241100x8000000000000000696549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6cf9db36b1a4be2023-02-07 15:11:24.734root 11241100x8000000000000000696548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52e2bef5127e56b2023-02-07 15:11:24.734root 11241100x8000000000000000696567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39f3b597467de8b2023-02-07 15:11:24.735root 11241100x8000000000000000696566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92792b743f55d13b2023-02-07 15:11:24.735root 11241100x8000000000000000696565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40aa701f95064ac32023-02-07 15:11:24.735root 11241100x8000000000000000696564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59ce6d7ebede24f2023-02-07 15:11:24.735root 11241100x8000000000000000696563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e959d4cf1e64892023-02-07 15:11:24.735root 11241100x8000000000000000696562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d998ea3344787a2023-02-07 15:11:24.735root 11241100x8000000000000000696561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f509e97ecdb8bb52023-02-07 15:11:24.735root 11241100x8000000000000000696560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f761e78bf99daca12023-02-07 15:11:24.735root 11241100x8000000000000000696559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc3e8c1b2eeb2b62023-02-07 15:11:24.735root 11241100x8000000000000000696558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beda3168fcc10ddc2023-02-07 15:11:24.735root 11241100x8000000000000000696576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94281b6b13f98f3d2023-02-07 15:11:24.736root 11241100x8000000000000000696575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c401ffb8cae59212023-02-07 15:11:24.736root 11241100x8000000000000000696574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bf90a9e5c9fd1b2023-02-07 15:11:24.736root 11241100x8000000000000000696573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e909650defe265282023-02-07 15:11:24.736root 11241100x8000000000000000696572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37db3e1bbd126cea2023-02-07 15:11:24.736root 11241100x8000000000000000696571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299b56a48a1e88052023-02-07 15:11:24.736root 11241100x8000000000000000696570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1b0bc1dd7463612023-02-07 15:11:24.736root 11241100x8000000000000000696569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d65ea8695abd83a2023-02-07 15:11:24.736root 11241100x8000000000000000696568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bf850b9382fc752023-02-07 15:11:24.736root 11241100x8000000000000000696578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882ac96f792b33212023-02-07 15:11:24.737root 11241100x8000000000000000696577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8525fd44a4a42ee92023-02-07 15:11:24.737root 11241100x8000000000000000696583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c964473e0a56c3182023-02-07 15:11:25.095root 11241100x8000000000000000696582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3532d425b8ba8ef22023-02-07 15:11:25.095root 11241100x8000000000000000696581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eea45c0bc2462422023-02-07 15:11:25.095root 11241100x8000000000000000696580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c0f2760c16a7022023-02-07 15:11:25.095root 11241100x8000000000000000696579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8659289c0d9ab7262023-02-07 15:11:25.095root 11241100x8000000000000000696593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250f7961c5b89e382023-02-07 15:11:25.096root 11241100x8000000000000000696592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501feb0316d4d3222023-02-07 15:11:25.096root 11241100x8000000000000000696591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9306ce2255b7222023-02-07 15:11:25.096root 11241100x8000000000000000696590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3bb9618d395d612023-02-07 15:11:25.096root 11241100x8000000000000000696589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5000191d86499e2023-02-07 15:11:25.096root 11241100x8000000000000000696588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3011786407431e2023-02-07 15:11:25.096root 11241100x8000000000000000696587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb06465894f887572023-02-07 15:11:25.096root 11241100x8000000000000000696586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161974369714456f2023-02-07 15:11:25.096root 11241100x8000000000000000696585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4e49dbfaa5af272023-02-07 15:11:25.096root 11241100x8000000000000000696584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7639137a8c6a7bf82023-02-07 15:11:25.096root 11241100x8000000000000000696601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05752ce02f4f70922023-02-07 15:11:25.097root 11241100x8000000000000000696600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40e46176c1b7ad22023-02-07 15:11:25.097root 11241100x8000000000000000696599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b6a16687bc8e5b2023-02-07 15:11:25.097root 11241100x8000000000000000696598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c82b59906f8ac42023-02-07 15:11:25.097root 11241100x8000000000000000696597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5399f7a30a268bb22023-02-07 15:11:25.097root 11241100x8000000000000000696596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2749466bc115482023-02-07 15:11:25.097root 11241100x8000000000000000696595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde23370fcdbd5682023-02-07 15:11:25.097root 11241100x8000000000000000696594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2549648aac54dc2023-02-07 15:11:25.097root 11241100x8000000000000000696608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c25e8270e4000ab2023-02-07 15:11:25.098root 11241100x8000000000000000696607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109a791ba730966b2023-02-07 15:11:25.098root 11241100x8000000000000000696606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f58ce20de3f058c2023-02-07 15:11:25.098root 11241100x8000000000000000696605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c1cff3e10994e02023-02-07 15:11:25.098root 11241100x8000000000000000696604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac4f4eab516179e2023-02-07 15:11:25.098root 11241100x8000000000000000696603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565c8ec9fa78fbe62023-02-07 15:11:25.098root 11241100x8000000000000000696602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d69ae3fa3fd2e8e2023-02-07 15:11:25.098root 11241100x8000000000000000696610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984d6fd8852c6c902023-02-07 15:11:25.099root 11241100x8000000000000000696609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f64e6e299a9297b2023-02-07 15:11:25.099root 11241100x8000000000000000696616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ce6eb71547b5f42023-02-07 15:11:25.100root 11241100x8000000000000000696615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037301cda0404ddf2023-02-07 15:11:25.100root 11241100x8000000000000000696614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c708d6db292436762023-02-07 15:11:25.100root 11241100x8000000000000000696613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8790719088c4f382023-02-07 15:11:25.100root 11241100x8000000000000000696612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665d6060460d2ddb2023-02-07 15:11:25.100root 11241100x8000000000000000696611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450b2004341e265c2023-02-07 15:11:25.100root 11241100x8000000000000000696622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdee955f93e759a92023-02-07 15:11:25.101root 11241100x8000000000000000696621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2e96dcda2d173c2023-02-07 15:11:25.101root 11241100x8000000000000000696620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9344d9435cc0f7ed2023-02-07 15:11:25.101root 11241100x8000000000000000696619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4097b64e46e384c32023-02-07 15:11:25.101root 11241100x8000000000000000696618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748e734c6853b6be2023-02-07 15:11:25.101root 11241100x8000000000000000696617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69477169a89050f92023-02-07 15:11:25.101root 11241100x8000000000000000696631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f5f7370ae511af2023-02-07 15:11:25.102root 11241100x8000000000000000696630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fc2d253c285cb12023-02-07 15:11:25.102root 11241100x8000000000000000696629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c08aa4f5cea40cd2023-02-07 15:11:25.102root 11241100x8000000000000000696628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7eb435da02039f82023-02-07 15:11:25.102root 11241100x8000000000000000696627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cb6c27286bd9ef2023-02-07 15:11:25.102root 11241100x8000000000000000696626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf695ba63e4eea262023-02-07 15:11:25.102root 11241100x8000000000000000696625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5bded71dd0a0c92023-02-07 15:11:25.102root 11241100x8000000000000000696624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6842d6f4399e1d072023-02-07 15:11:25.102root 11241100x8000000000000000696623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37114902a99f7efe2023-02-07 15:11:25.102root 354300x8000000000000000696632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.168{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-40272-false10.0.1.12-8000- 11241100x8000000000000000696638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a493d056447ebe7a2023-02-07 15:11:25.595root 11241100x8000000000000000696637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4ccfea0329cdcf2023-02-07 15:11:25.595root 11241100x8000000000000000696636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcd55439063ffda2023-02-07 15:11:25.595root 11241100x8000000000000000696635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb40a19f0e6567782023-02-07 15:11:25.595root 11241100x8000000000000000696634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908495790c024b232023-02-07 15:11:25.595root 11241100x8000000000000000696633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e716da08f415ddd62023-02-07 15:11:25.595root 11241100x8000000000000000696655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f7cee93dd1468e2023-02-07 15:11:25.596root 11241100x8000000000000000696654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f218421cc492e52023-02-07 15:11:25.596root 11241100x8000000000000000696653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fedaa3238cac8a2023-02-07 15:11:25.596root 11241100x8000000000000000696652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb57c7a5a5425a92023-02-07 15:11:25.596root 11241100x8000000000000000696651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8797e51f0c564bad2023-02-07 15:11:25.596root 11241100x8000000000000000696650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cd05f9836ac9802023-02-07 15:11:25.596root 11241100x8000000000000000696649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275be0c33e126c4b2023-02-07 15:11:25.596root 11241100x8000000000000000696648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b6c961613ff4e22023-02-07 15:11:25.596root 11241100x8000000000000000696647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d77e644a1c7ba22023-02-07 15:11:25.596root 11241100x8000000000000000696646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434ec71d5f39052b2023-02-07 15:11:25.596root 11241100x8000000000000000696645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03ff49630b2217c2023-02-07 15:11:25.596root 11241100x8000000000000000696644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a33f3d600b561b62023-02-07 15:11:25.596root 11241100x8000000000000000696643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2deb111f4d3b6b6a2023-02-07 15:11:25.596root 11241100x8000000000000000696642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeae95399d5894b12023-02-07 15:11:25.596root 11241100x8000000000000000696641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1daea192ce8e7d0f2023-02-07 15:11:25.596root 11241100x8000000000000000696640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3950b372ac8d1a2023-02-07 15:11:25.596root 11241100x8000000000000000696639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23428065745e84d2023-02-07 15:11:25.596root 11241100x8000000000000000696667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e72d11daa5b8bc2023-02-07 15:11:25.597root 11241100x8000000000000000696666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb21579924207ed92023-02-07 15:11:25.597root 11241100x8000000000000000696665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cca8e1ce33dcc402023-02-07 15:11:25.597root 11241100x8000000000000000696664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ee3e219e8f69fb2023-02-07 15:11:25.597root 11241100x8000000000000000696663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c5e4cd5f545aaf2023-02-07 15:11:25.597root 11241100x8000000000000000696662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d33319355bfd092023-02-07 15:11:25.597root 11241100x8000000000000000696661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79474ed41c0e7d9c2023-02-07 15:11:25.597root 11241100x8000000000000000696660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb46bc6b28212a0a2023-02-07 15:11:25.597root 11241100x8000000000000000696659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869171a4499a37b62023-02-07 15:11:25.597root 11241100x8000000000000000696658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7fe31058cd02ae2023-02-07 15:11:25.597root 11241100x8000000000000000696657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5810ad7d8a2a6c72023-02-07 15:11:25.597root 11241100x8000000000000000696656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8855b03e6b6317c2023-02-07 15:11:25.597root 11241100x8000000000000000696669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f63695fa0396482023-02-07 15:11:26.095root 11241100x8000000000000000696668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5207385dadde1fba2023-02-07 15:11:26.095root 11241100x8000000000000000696679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b04f13b02e3ad4b2023-02-07 15:11:26.096root 11241100x8000000000000000696678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf37efcc4fc184412023-02-07 15:11:26.096root 11241100x8000000000000000696677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c203ab453e9229d32023-02-07 15:11:26.096root 11241100x8000000000000000696676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b35465f946c574a2023-02-07 15:11:26.096root 11241100x8000000000000000696675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e3e0a30ba6b8682023-02-07 15:11:26.096root 11241100x8000000000000000696674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a165eb245eb76e6c2023-02-07 15:11:26.096root 11241100x8000000000000000696673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f000dfb35545137e2023-02-07 15:11:26.096root 11241100x8000000000000000696672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ea404427d542572023-02-07 15:11:26.096root 11241100x8000000000000000696671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f243bde6c5ba832023-02-07 15:11:26.096root 11241100x8000000000000000696670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a78f597a2f034442023-02-07 15:11:26.096root 11241100x8000000000000000696689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5f3b5222fc0fab2023-02-07 15:11:26.097root 11241100x8000000000000000696688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca08555be8e1a2f2023-02-07 15:11:26.097root 11241100x8000000000000000696687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b866d85af6f181712023-02-07 15:11:26.097root 11241100x8000000000000000696686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb4d2a380c1e16a2023-02-07 15:11:26.097root 11241100x8000000000000000696685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752e17d1ffdd0cb92023-02-07 15:11:26.097root 11241100x8000000000000000696684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c80cb16d8fda2f2023-02-07 15:11:26.097root 11241100x8000000000000000696683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14ad5e9295209ff2023-02-07 15:11:26.097root 11241100x8000000000000000696682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaaa461fb7dc57e2023-02-07 15:11:26.097root 11241100x8000000000000000696681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8247ac33981f0d2023-02-07 15:11:26.097root 11241100x8000000000000000696680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3b7257531718a92023-02-07 15:11:26.097root 11241100x8000000000000000696700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7573ec377fd292d92023-02-07 15:11:26.098root 11241100x8000000000000000696699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299cab85cf84438b2023-02-07 15:11:26.098root 11241100x8000000000000000696698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f979248c9bf81ace2023-02-07 15:11:26.098root 11241100x8000000000000000696697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c6a16b097403622023-02-07 15:11:26.098root 11241100x8000000000000000696696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1be30b4740b3182023-02-07 15:11:26.098root 11241100x8000000000000000696695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a48bb13c2b4a122023-02-07 15:11:26.098root 11241100x8000000000000000696694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3608d596f1bbf492023-02-07 15:11:26.098root 11241100x8000000000000000696693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6786acfb77fe96172023-02-07 15:11:26.098root 11241100x8000000000000000696692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d06ee38641b03332023-02-07 15:11:26.098root 11241100x8000000000000000696691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca5eb332588dd402023-02-07 15:11:26.098root 11241100x8000000000000000696690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252b0c35986b6ce22023-02-07 15:11:26.098root 11241100x8000000000000000696706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e049e07065fcc352023-02-07 15:11:26.099root 11241100x8000000000000000696705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ce7361d0adc3472023-02-07 15:11:26.099root 11241100x8000000000000000696704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e7f670cefcc3222023-02-07 15:11:26.099root 11241100x8000000000000000696703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffac24dfc66114b2023-02-07 15:11:26.099root 11241100x8000000000000000696702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373a090be575a7942023-02-07 15:11:26.099root 11241100x8000000000000000696701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6604b3856cd7fce22023-02-07 15:11:26.099root 11241100x8000000000000000696711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b2f9cf84f44f7f2023-02-07 15:11:26.595root 11241100x8000000000000000696710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fdc983303b19872023-02-07 15:11:26.595root 11241100x8000000000000000696709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc1501253726cac2023-02-07 15:11:26.595root 11241100x8000000000000000696708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff7dfe9299700202023-02-07 15:11:26.595root 11241100x8000000000000000696707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cbc80a10fbe7c02023-02-07 15:11:26.595root 11241100x8000000000000000696728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6f596c105b36eb2023-02-07 15:11:26.596root 11241100x8000000000000000696727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a888d4d291f86802023-02-07 15:11:26.596root 11241100x8000000000000000696726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2745343e907e602023-02-07 15:11:26.596root 11241100x8000000000000000696725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc50ab2401c2b172023-02-07 15:11:26.596root 11241100x8000000000000000696724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cf8b3b475759702023-02-07 15:11:26.596root 11241100x8000000000000000696723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e76585221d44692023-02-07 15:11:26.596root 11241100x8000000000000000696722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49e613e2d79b0162023-02-07 15:11:26.596root 11241100x8000000000000000696721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cda5ccb14b83d122023-02-07 15:11:26.596root 11241100x8000000000000000696720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eccb0cdd9baa73d2023-02-07 15:11:26.596root 11241100x8000000000000000696719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc41e9bac3f280be2023-02-07 15:11:26.596root 11241100x8000000000000000696718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8203b6d60fcf2c962023-02-07 15:11:26.596root 11241100x8000000000000000696717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0ecb30ed0a61e62023-02-07 15:11:26.596root 11241100x8000000000000000696716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c490ffe43c0f3eab2023-02-07 15:11:26.596root 11241100x8000000000000000696715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206b3f350e6428e42023-02-07 15:11:26.596root 11241100x8000000000000000696714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a393594db85fd2a2023-02-07 15:11:26.596root 11241100x8000000000000000696713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3325e9eedca569a82023-02-07 15:11:26.596root 11241100x8000000000000000696712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021ef895e5451c762023-02-07 15:11:26.596root 11241100x8000000000000000696741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3c3a2db8d6c6142023-02-07 15:11:26.597root 11241100x8000000000000000696740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9268f034c07f23f2023-02-07 15:11:26.597root 11241100x8000000000000000696739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d7991381ea9c4a2023-02-07 15:11:26.597root 11241100x8000000000000000696738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7999e2b5825ee52023-02-07 15:11:26.597root 11241100x8000000000000000696737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f8d40402ee82842023-02-07 15:11:26.597root 11241100x8000000000000000696736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27b71bbe7ae93242023-02-07 15:11:26.597root 11241100x8000000000000000696735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a844a55eb318fc2b2023-02-07 15:11:26.597root 11241100x8000000000000000696734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ed4da0ea0869ff2023-02-07 15:11:26.597root 11241100x8000000000000000696733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e4a3409da3b7382023-02-07 15:11:26.597root 11241100x8000000000000000696732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5216ddbde6b5082023-02-07 15:11:26.597root 11241100x8000000000000000696731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b74684102a91fac2023-02-07 15:11:26.597root 11241100x8000000000000000696730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b874bbf930c3c32023-02-07 15:11:26.597root 11241100x8000000000000000696729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdf1b7ef2677b502023-02-07 15:11:26.597root 11241100x8000000000000000696746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3665373f38a6ebc82023-02-07 15:11:27.095root 11241100x8000000000000000696745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d011d9e2325ad2892023-02-07 15:11:27.095root 11241100x8000000000000000696744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a377c595003dd5fd2023-02-07 15:11:27.095root 11241100x8000000000000000696743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9374ac561fea1a482023-02-07 15:11:27.095root 11241100x8000000000000000696742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada3c7baf644cb392023-02-07 15:11:27.095root 11241100x8000000000000000696752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c28f173fe436492023-02-07 15:11:27.096root 11241100x8000000000000000696751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629f0965eb78aa202023-02-07 15:11:27.096root 11241100x8000000000000000696750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafee576da898bcf2023-02-07 15:11:27.096root 11241100x8000000000000000696749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1055f7ec64b6551e2023-02-07 15:11:27.096root 11241100x8000000000000000696748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efb2b0b9270fb8f2023-02-07 15:11:27.096root 11241100x8000000000000000696747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030298d224cf30502023-02-07 15:11:27.096root 11241100x8000000000000000696759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9df64cff859f29a2023-02-07 15:11:27.097root 11241100x8000000000000000696758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a83a09a9c2fc2f2023-02-07 15:11:27.097root 11241100x8000000000000000696757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c2473e906ab4352023-02-07 15:11:27.097root 11241100x8000000000000000696756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e00d7fdfe3e2e12023-02-07 15:11:27.097root 11241100x8000000000000000696755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e32b8c0c01cf3a52023-02-07 15:11:27.097root 11241100x8000000000000000696754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822d2eeec695ba0f2023-02-07 15:11:27.097root 11241100x8000000000000000696753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023